Transmitting Large Packet
Classification
| Rule Name | Rule Type | Common Event | Classification |
| Transmitting Large Packet | Base Rule | Protocol Anomaly | Attack |
| Transmitting Large Packet | Sub Rule | Protocol Anomaly | Attack |
| SVC Connection Closed : DPD Failure | Sub Rule | Connection Dropped | Warning |
| SVC Connection Closed : Idle Timeout | Sub Rule | Connection Timeout | Warning |
| SVC Connection Closed : Transport Closing | Sub Rule | Connection Closed | Network Traffic |
| SVC Connection Closed : User Requested | Sub Rule | Connection Closed | Network Traffic |
| SVC Connection Closed : Max Time Exceeded | Sub Rule | Connection Timeout | Warning |
| SVC Connection Closed : Internal Error | Sub Rule | Internal Error | Error |
| SVC Connection Closed : Connection Preempted | Sub Rule | Connection Information | Information |
| SVC Connection Closed : Administrator Reset | Sub Rule | Administrative Operation | Other Audit Success |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <vmid> | Number |
| N/A | <severity> | Number |
| User | <login> | Text/String/Number |
| Group | <group> | Text/String |
| User | <domain> | Text/String |
| IP | <sip> | IP Address |
| svc closing connection | <tag1> | Text/String |
| N/A | <bytesin> | Number |
| threshold | <size> | Number |