Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
V 2.0 : Event : Security Rating |
Base Rule |
General Firewall Event |
Information |
|
V 2.0 : Log_Id_Event_Security_Audit_Fabric_Summary |
Sub Rule |
General Audit |
Other Audit Success |
|
V 2.0 : Log_Id_Event_Security_Audit_Fabric_Change |
Sub Rule |
General Audit |
Other Audit Success |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|---|---|---|---|
|
date |
N/A |
N/A |
The date of the log event. |
|
time |
N/A |
N/A |
The time of the log event. |
|
logid |
<vmid> |
Number |
A unique identifier for the log event. |
|
type |
<vendorinfo> |
Text/String |
The type of log event. In this case, it is an event. |
|
subtype |
N/A |
N/A |
The subtype of the log event. In this case, it is a security-rating event. |
|
level |
<severity> |
Text/String |
The severity level of the log event. In this case, it is a notice. |
|
vd |
<sessiontype> |
Text/String |
The vdom in which the log event occurred. |
|
eventtime |
N/A |
N/A |
The time at which the log event occurred. |
|
logdesc |
<subject> |
Text/String |
The description of the log event. |
|
auditid |
N/A |
N/A |
The audit ID of the security rating. |
|
audittime |
N/A |
N/A |
The time at which the security rating was generated. |
|
auditscore |
<result> |
Text/String/Number |
The security rating score. |
|
criticalcount |
N/A |
N/A |
The number of critical security issues. |
|
highcount |
N/A |
N/A |
The number of high security issues. |
|
mediumcount |
N/A |
N/A |
The number of medium security issues. |
|
lowcount |
N/A |
N/A |
The number of low security issues. |
|
passedcount |
N/A |
N/A |
The number of security issues that passed. |