Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|---|---|---|---|
|
Process Messages |
Base Rule |
Information |
Process Status |
|
Listening For Connections |
Sub Rule |
Information |
Listener Message |
|
Allowing Connections |
Sub Rule |
Network Allow |
Traffic Allowed by Host Firewall |
|
Process Shutting Down |
Sub Rule |
Information |
Process Stopping |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|---|---|---|
|
SYSD |
<severity> |
Text/String |
|
Mar 20 17:17:38 |
<dname> |
Text/String |
|
N/A |
<process> |
Text/String |
|
N/A |
<object> |
Text/String |
|
N/A |
<command> |
Text/String |
|
N/A |
<tag1> |
Text/String |
|
N/A |
<dport> |
Number |
|
N/A |
<objectname> |
Text/String |