Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Traffic : System | Base Rule | System Events | Network Traffic |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| timestamp | N/A | N/A | N/A |
| devname | N/A | N/A | N/A |
| devid | N/A | N/A | N/A |
| vd | <sessiontype> | Text/String | N/A |
| itime | N/A | N/A | N/A |
| fctsn | N/A | N/A | N/A |
| date | N/A | N/A | N/A |
| time | N/A | N/A | N/A |
| logver | <version> | Number | N/A |
| id | N/A | N/A | N/A |
| type | <vendorinfo> | Text/String | N/A |
| subtype | N/A | N/A | N/A |
| eventtype | N/A | N/A | N/A |
| level | <severity> | Text/String | N/A |
| uid | N/A | N/A | N/A |
| hostname | <sname> | Text/String | N/A |
| pcdomain | <domainorigin> | Text/String | N/A |
| deviceip | N/A | N/A | N/A |
| devicemac | <smac> | Text/String | N/A |
| site | N/A | N/A | N/A |
| fctver | N/A | N/A | N/A |
| fgtserial | N/A | N/A | N/A |
| emsserial | N/A | N/A | N/A |
| usingpolicy | <policy> | Text/String | N/A |
| os | <objecttype> | Text/String | N/A |
| user | <login> | Text/String | N/A |
| msg | <subject> | Text/String | N/A |
| sessionid | <session> | Number | N/A |
| srcname | <process> | Text/String | N/A |
| srcproduct | N/A | N/A | N/A |
| srcip | <sip> | IP Address | N/A |
| srcport | <sport> | Number | N/A |
| direction | N/A | N/A | N/A |
| dstip | <dip> | IP Address | N/A |
| remotename | <dname> | Text/String | N/A |
| dstport | <dport> | Number | N/A |
| proto | <protnum> | Number | N/A |
| rcvdbyte | <bytesin> | Number | N/A |
| sentbyte | <bytesout> | Number | N/A |
| utmaction | <action> | Text/String | N/A |
| utmevent | N/A | N/A | N/A |
| threat | <threatname> | Text/String | N/A |
| service | <parentprocessname> | Text/String | N/A |
| userinitiated | N/A | N/A | N/A |
| browsetime | N/A | N/A | N/A |
| url | <url> | Text/String | N/A |
| tz | N/A | N/A | N/A |