Traffic/UTM Messages
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Traffic/UTM Messages | Base Rule | General Network Traffic | Network Traffic |
| IPS Traffic | Sub Rule | General Attack Activity | Attack |
| Application Control Message | Sub Rule | General Application Control Message | Information |
| DLP Message | Sub Rule | General DLP Message | Information |
| General Forward Message | Sub Rule | Forwarding Data | Information |
| Webfilter Message | Sub Rule | General WebFilter Event | Information |
| Local Traffic Information | Sub Rule | Local Mode Request | Information |
| General Forward Message - Deny | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| Webfilter Web Ftgd Cat Allow | Sub Rule | General WebFilter Event | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| logid | <vmid> | Number | The ID (logid) is a 10-digit field. It is a unique identifier for that specific log. |
| msg | <vendorinfo> | Text\String | N/A |
| level | <severity> | Text\String | Each log entry contains a Level (level) field that indicates the estimated severity of the event that caused the log entry. |
| srcip | <sip> | IP Address | IP address of the traffic’s origin. |
| dstip | <dip> | IP Address | Destination IP address for the web. |
| hostname | <dname> | Text\String | N/A |
| srcport | <sport> | Number | Port number of the traffic's origin |
| dstport | <dport> | Number | Port number of the traffic's destination. |
| srcintf | <sinterface> | Text\String | Interface name of the traffic's origin. |
| dstintf | <dinterface> | Text\String | Interface of the traffic's destination. |
| proto | <protnum> | Number | The protocol used by web traffic (tcp by default). |
| service | <protname> | Text\String | Name of the service. |
| vd | <domainorigin> | Text\String | Name of the virtual domain in which the log message was recorded. |
| sessionid | <session> | Number | ID for the session. |
| direction | <object> | Text\String | N/A |
| type | <subject> | Text\String | N/A |
| attack | <threatname> | Text\String | N/A |
| url\ref | <url> | Text\String | N/A |
| catdesc | <group> | Text\String | N/A |
| action | <command> <action> | Text\String | N/A |
| rcvdbyte | <bytesin> | Number | N/A |
| sentbyte | <bytesout> | Number | N/A |
| subtype | <tag5> | Text\String | N/A |