Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|
SSL Messages |
Base Rule |
SSL Information-Only Event |
Information |
|
Starting SSL Handshake |
Sub Rule |
SSL Handshake |
Other Audit Success |
|
Completed SSL Handshake |
Sub Rule |
Authentication Activity |
Authentication Success |
|
Request To Resume Previous SSL Session |
Sub Rule |
Request To Resume Previous SSL Session |
Other Audit |
|
SSL Session Terminated |
Sub Rule |
User Logoff |
Authentication Success |
|
Device Failed SSL Handshake With Client Outside |
Sub Rule |
SSL Handshake Failure |
Error |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<vmid> |
Number |
|
N/A |
<severity> |
Numeric |
|
N/A |
<dip> |
Number |
|
N/A |
<dname> |
Text/String |
|
N/A |
<dport> |
Number |
|
N/A |
<dnatip> |
Number |
|
N/A |
<dnatport> |
Number |
|
N/A |
<session> |
Text/String |