Process Messages
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Process Messages | Base Rule | Information | Process Status |
| Listening For Connections | Sub Rule | Information | Listener Message |
| Allowing Connections | Sub Rule | Network Allow | Traffic Allowed by Host Firewall |
| Process Shutting Down | Sub Rule | Information | Process Stopping |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| SYSD | <severity> | Text/String |
| Mar 20 17:17:38 | <dname> | Text/String |
| N/A | <process> | Text/String |
| N/A | <object> | Text/String |
| N/A | <command> | Text/String |
| N/A | <tag1> | Text/String |
| N/A | <dport> | Number |
| N/A | <objectname> | Text/String |