Threat Emulation
Vendor Documentation
Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Threat Emulation | Base Rule | General Threat Protection Event | Activity |
| Threat Emulation : Detect | Sub Rule | General Threat Message | Activity |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Product | <version> | Text/String |
| Origin | <sender> | Number/Text |
| Action | <action> | Number/Text |
| SIP | <sip> | Number |
| SPort | <sport> | Number |
| DIP | <dip> | Number |
| dport | <dport> | Number |
| protocol | <protname> | Number |
| ifname | <sinterface> | Number/Text |
| ifdirection | <tag2> | Number/Text |
| Url | <url> | Number/Text |
| Source_OS | <version> | Number/Text |
| severity | <severity> | Number |
| verdict | <result> | Text/String |
| User | <login> | Number/Text |
| src_user_name | <login> | Number/Text |
| src_machine_name | <sname> | Number/Text |
| from | <sender> | Number/Text |
| to | <recipient> | Number/Text |
| Email_Subject | <subject> | Number/Text |
| email_scanned | <object> | Number/Text |
| dst_user_name | <account> | Number/Text |
| web_client_type | <useragent> | Number/Text |
| user_status | <status> | Number/Text |
| portal_message | <vendorinfo> | Number/Text |
| file_name | <objectname> | Number/Text |
| file_type | <objecttype> | Number/Text |
| file_size | <bytesin> | Number |
| file_size | <bytesout> | Number |
| malware_detected | <amount> | Number |
| file_md5 | <hash> | Number/Text |
| Action | <tag1> | Text/String |