V 2.0 : Anti Virus Events
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
V 2.0 : Anti Virus Events | Base Rule | General Error Message | Error |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
virtuallogsource | N/A | N/A | N/A |
subproduct | N/A | N/A | Subproduct |
Product | <vmid> | Text/String | Product Name |
Originip | <dip> | Ip Address | IP of the log origin |
Origin | N/A | N/A | Name of the first Security Gateway that reported this event |
Action | N/A | N/A | Action of matched rule |
SIP | N/A | N/A | Source IP |
Sport | N/A | N/A | Source host port number |
DIP | N/A | N/A | Destination IP |
protocol | N/A | N/A | Protocol detected on the connection |
ifname | N/A | N/A | The name of the Security Gateway interface through which a connection traverses |
ifdirection | N/A | N/A | Connection direction |
Reason | <reason> | Text/String | Information on the error occurred |
Rule | N/A | N/A | Matched rule number |
Info | N/A | N/A | Special log message |
XlateSIP | N/A | N/A | Source ipv4 after applying NAT |
XlateSport | N/A | N/A | Source host port number after applying NAT |
XlateDip | N/A | N/A | Destination ipv4 after applying NAT |
xlateDPort | N/A | N/A | Destination host port number after applying NAT |
User | N/A | N/A | Source user name |
alert | N/A | N/A | Alert level of matched rule (for connection logs) |
icmp-code | N/A | N/A | In case a connection is ICMP, ICMP code info will be added to the log |
icmp-type | N/A | N/A | In case a connection is ICMP, type info will be added to the log |
matched_category | N/A | N/A | Name of matched category |
rule_name | N/A | N/A | Access rule name |
URL | N/A | N/A | Matched URL |
time | N/A | N/A | The time stamp when the log was created |
Severity | <severity> | Number | Threat severity determined by ThreatCloud |
description | <subject> | Text/String | N/A |
flags | N/A | N/A | Checkpoint internal field |
loguid | N/A | N/A | UUID of unified logs |
sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
version | N/A | N/A | N/A |