V 2.0 : Anti Virus Events

Vendor Documentation

Classification

| Rule Name                 | Rule Type | Common Event          | Classification |
|---------------------------|-----------|-----------------------|----------------|
| V 2.0 : Anti Virus Events | Base Rule | General Error Message | Error          |

Mapping with LogRhythm Schema

Only five device keys in this event are parsed into LogRhythm schema fields (Product, Originip, Reason, Severity and description); every other key listed below is present in the Check Point log but is not mapped (N/A).

| Device Key in Log Message | LogRhythm Schema | Data Type   | Schema Description |
|---------------------------|------------------|-------------|--------------------|
| virtuallogsource          | N/A              | N/A         | N/A |
| subproduct                | N/A              | N/A         | Subproduct |
| Product                   | <vmid>           | Text/String | Product name |
| Originip                  | <dip>            | IP Address  | IP of the log origin |
| Origin                    | N/A              | N/A         | Name of the first Security Gateway that reported this event |
| Action                    | N/A              | N/A         | Action of the matched rule |
| SIP                       | N/A              | N/A         | Source IP |
| Sport                     | N/A              | N/A         | Source host port number |
| DIP                       | N/A              | N/A         | Destination IP |
| protocol                  | N/A              | N/A         | Protocol detected on the connection |
| ifname                    | N/A              | N/A         | Name of the Security Gateway interface through which the connection traverses |
| ifdirection               | N/A              | N/A         | Connection direction |
| Reason                    | <reason>         | Text/String | Information on the error that occurred |
| Rule                      | N/A              | N/A         | Matched rule number |
| Info                      | N/A              | N/A         | Special log message |
| XlateSIP                  | N/A              | N/A         | Source IPv4 address after NAT |
| XlateSport                | N/A              | N/A         | Source host port number after NAT |
| XlateDip                  | N/A              | N/A         | Destination IPv4 address after NAT |
| xlateDPort                | N/A              | N/A         | Destination host port number after NAT |
| User                      | N/A              | N/A         | Source user name |
| alert                     | N/A              | N/A         | Alert level of the matched rule (for connection logs) |
| icmp-code                 | N/A              | N/A         | ICMP code; added to the log when the connection is ICMP |
| icmp-type                 | N/A              | N/A         | ICMP type; added to the log when the connection is ICMP |
| matched_category          | N/A              | N/A         | Name of the matched category |
| rule_name                 | N/A              | N/A         | Access rule name |
| URL                       | N/A              | N/A         | Matched URL |
| time                      | N/A              | N/A         | Timestamp at which the log was created |
| Severity                  | <severity>       | Number      | Threat severity determined by ThreatCloud |
| description               | <subject>        | Text/String | N/A |
| flags                     | N/A              | N/A         | Check Point internal field |
| loguid                    | N/A              | N/A         | UUID of the unified log |
| sequencenum               | N/A              | N/A         | Number added to order logs that share the same Linux timestamp and origin |
| version                   | N/A              | N/A         | N/A |
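The following is an added example, not code from the LogRhythm page or from Check Point, showing how the mapping table above is applied in practice: the five device keys that have a LogRhythm schema field (Product to vmid, Originip to dip, Reason to reason, Severity to severity, description to subject) are extracted from a log line, checked against the declared data type, and everything else is reported as unmapped. The key="value" layout of the log line and the sample values are constructed assumptions; the page does not show a raw log format.

```python
"""Apply the V 2.0 Anti Virus field mapping to a Check Point log line.

Added example, not LogRhythm's or Check Point's code. The key="value"
log layout and the sample line below are assumptions for illustration.
"""
import ipaddress
import re
from typing import Dict, List, Optional

# Device key -> (LogRhythm schema field, declared data type), taken from
# the mapping table. Keys the table marks N/A are deliberately absent.
FIELD_MAP = {
    "product":     ("vmid", "Text/String"),
    "originip":    ("dip", "IP Address"),
    "reason":      ("reason", "Text/String"),
    "severity":    ("severity", "Number"),
    "description": ("subject", "Text/String"),
}

# Constructed sample event (assumed key="value" layout; values are made up).
SAMPLE_LOG = (
    'time="1700000000" product="Anti Virus" originip="192.0.2.10" '
    'origin="gw-1" action="Drop" severity="3" '
    'reason="Signature database update failed" '
    'description="Anti Virus update error" sequencenum="1"'
)

_KV = re.compile(r'(\w[\w\-]*)="([^"]*)"')


def parse_kv(line: str) -> Dict[str, str]:
    """Split a key="value" line into a dict; keys are lower-cased because
    the table mixes cases (Originip, SIP, xlateDPort) for the same key style."""
    return {k.lower(): v for k, v in _KV.findall(line)}


def coerce(value: str, data_type: str) -> Optional[object]:
    """Validate a raw value against the table's data type.

    Returns None when the value does not fit, so a malformed field (for
    example a non-numeric severity) is dropped rather than written into a
    typed schema field where it would break later comparisons."""
    if data_type == "IP Address":
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            return None
    if data_type == "Number":
        return int(value) if value.lstrip("-").isdigit() else None
    return value  # Text/String: stored as-is


def map_to_logrhythm(line: str) -> Dict[str, object]:
    """Produce the LogRhythm schema fields for one log line."""
    raw = parse_kv(line)
    out: Dict[str, object] = {}
    for dev_key, (lr_field, data_type) in FIELD_MAP.items():
        if dev_key in raw:
            typed = coerce(raw[dev_key], data_type)
            if typed is not None:
                out[lr_field] = typed
    return out


def unmapped_keys(line: str) -> List[str]:
    """Device keys present in the log that the table maps to nothing (N/A).

    Useful when auditing what is lost at ingestion: fields such as origin,
    action and sequencenum never reach a LogRhythm schema field."""
    return sorted(k for k in parse_kv(line) if k not in FIELD_MAP)


if __name__ == "__main__":
    print(map_to_logrhythm(SAMPLE_LOG))
    print("unmapped:", unmapped_keys(SAMPLE_LOG))
```

Note that `Originip` lands in `<dip>` exactly as the table states, even though the value is the reporting gateway's own address rather than a connection destination; any rule or report that treats `dip` as "destination of the traffic" for this event will be misled, which is the practical reason to keep the unmapped-key list beside the parsed output.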