Pattern 9 : Anti-Virus Logs
Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Pattern 9 : Anti-Virus Logs | Base Rule | Security/Other | General Security |
| Checking For Virus Signature Update | Sub Rule | Ops/Information | Checking For Virus Signature Update |
| Virus Signature Update Not Needed | Sub Rule | Ops/Information | Virus Signature Update Not Needed |
| Anti-Virus Engine Update Not Needed | Sub Rule | Ops/Information | Anti-Virus Engine Update Not Needed |
| Anti-Virus Engine Started | Sub Rule | Ops/Information | Anti-Virus Engine Started |
| Anti-Virus Engine Reloaded | Sub Rule | Ops/Information | Anti-Virus Engine Reloaded |
| Message Virus Free | Sub Rule | Ops/Information | Message Virus Free |
| Virus Signatures Reloading | Sub Rule | Ops/Information | Virus Signatures Reloading |
| Anti-Virus Update Failed | Sub Rule | Ops/Error | Anti-Virus Update Failed |
| Error Transferring Anti-Virus Update | Sub Rule | Ops/Error | Error Transferring Anti-Virus Update |
| Virus Detected In Message | Sub Rule | Security/Failed Malware | Failed Virus Activity |
| Object Encrypted Messages | Sub Rule | Ops/Information | Encryption Information |
| Encrypted Object Messages | Sub Rule | Ops/Information | General Encryption Information |
| Virus Returning After Scan Messages | Sub Rule | Ops/Information | Antivirus Detection Negative |
| Virus Free Messages | Sub Rule | Ops/Information | Message Virus Free |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| MID | <session> | Number | |
| <object> | Text\String | ||
| <objecttype> | Text\String | ||
| <subject> | Text\String | ||
| <url> | Text\String | ||
<action> | Text\String | ||
<result> <tag2> | Text\String | ||
| <tag1> | Text\String |