Transmitting Large Packet

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Transmitting Large Packet | Base Rule | Protocol Anomaly | Attack |
| Transmitting Large Packet | Sub Rule | Protocol Anomaly | Attack |
| SVC Connection Closed : DPD Failure | Sub Rule | Connection Dropped | Warning |
| SVC Connection Closed : Idle Timeout | Sub Rule | Connection Timeout | Warning |
| SVC Connection Closed : Transport Closing | Sub Rule | Connection Closed | Network Traffic |
| SVC Connection Closed : User Requested | Sub Rule | Connection Closed | Network Traffic |
| SVC Connection Closed : Max Time Exceeded | Sub Rule | Connection Timeout | Warning |
| SVC Connection Closed : Internal Error | Sub Rule | Internal Error | Error |
| SVC Connection Closed : Connection Preempted | Sub Rule | Connection Information | Information |
| SVC Connection Closed : Administrator Reset | Sub Rule | Administrative Operation | Other Audit Success |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vmid> | Number |
| N/A | <severity> | Number |
| User | <login> | Text/String/Number |
| Group | <group> | Text/String |
| User | <domain> | Text/String |
| IP | <sip> | IP Address |
| svc closing connection | <tag1> | Text/String |
| N/A | <bytesin> | Number |
| threshold | <size> | Number |