Policy Violation

Vendor Documentation

N/A

Classification

Rule Name	Rule Type	Common Event	Classification
Policy Violation	Base Rule	Security Policy Violation	Warning

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
N/A	N/A	N/A	N/A
N/A	N/A	N/A	Device Vendor
product_name	<vendorinfo>	Text/String	N/A
oci_version	<version>	Text/String	N/A
risk_type_description	<vmid>	Text/String	N/A
event_sub_category	<object>	Text/String	N/A
Severity	<severity>	Number	Severity level; ranges from 1 to 10 (critical).
type	<objecttype>	Number	Can be: 0—Base event. 1—Aggregate event
Desc	<subject>	N/A	N/A
shost	<sname>	Text/String	Resolved IPV4 host address. Present only for Threat Intelligence when both host and server are present. dvchost will not be present in his case.
src	<sip>	IP Address	Unresolved IPv4 host address. Present only for Threat Intelligence when both host and server are present. dvchost will not be present in his case.
dhost	<dname>	Text/String	Resolved IPv4 server address. Present only for Threat Intelligence when both host and server are present. dvchost will not be present in this case.
dst	<dip>	IP Address	Unresolved IPv4 server address. Present only for Threat Intelligence when both host and server are present. dvchost will not be present in his case. dhost will be present.
srcHostGroup	N/A	N/A	N/A
serverPort	<sport>	Number	Applicable only for Discovery events and NEW HOST APP subtype.
app	<protname>	Text/String	Protocol/Application
interfaceCount	<quantity>	Number	N/A
violationCount	N/A	N/A	N/A
start	N/A	N/A	Start time of event.
end	N/A	N/A	End time of event.
url	<url>	Text/String	N/A
srcCount	N/A	N/A	N/A
dstCount	N/A	N/A	N/A
appcount	N/A	N/A	N/A
serverPortCount	N/A	N/A	N/A
srcHostGroupCount	N/A	N/A	N/A
dstHostGroupCount	N/A	N/A	N/A
serverPortCount	N/A	N/A	N/A
appcount	N/A	N/A	N/A