Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Pattern 9 : Anti-Virus Logs | Base Rule | Security/Other | General Security |
| Checking For Virus Signature Update | Sub Rule | Ops/Information | Checking For Virus Signature Update |
| Virus Signature Update Not Needed | Sub Rule | Ops/Information | Virus Signature Update Not Needed |
| Anti-Virus Engine Update Not Needed | Sub Rule | Ops/Information | Anti-Virus Engine Update Not Needed |
| Anti-Virus Engine Started | Sub Rule | Ops/Information | Anti-Virus Engine Started |
| Anti-Virus Engine Reloaded | Sub Rule | Ops/Information | Anti-Virus Engine Reloaded |
| Message Virus Free | Sub Rule | Ops/Information | Message Virus Free |
| Virus Signatures Reloading | Sub Rule | Ops/Information | Virus Signatures Reloading |
| Anti-Virus Update Failed | Sub Rule | Ops/Error | Anti-Virus Update Failed |
| Error Transferring Anti-Virus Update | Sub Rule | Ops/Error | Error Transferring Anti-Virus Update |
| Virus Detected In Message | Sub Rule | Security/Failed Malware | Failed Virus Activity |
| Object Encrypted Messages | Sub Rule | Ops/Information | Encryption Information |
| Encrypted Object Messages | Sub Rule | Ops/Information | General Encryption Information |
| Virus Returning After Scan Messages | Sub Rule | Ops/Information | Antivirus Detection Negative |
| Virus Free Messages | Sub Rule | Ops/Information | Message Virus Free |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| MID | <session> | Number | |
| | <object> | Text\String | |
| | <objecttype> | Text\String | |
| | <subject> | Text\String | |
| | <url> | Text\String | |
| | <action> | Text\String | |
| | <result> <tag2> | Text\String | |
| | <tag1> | Text\String | |