Vendor Documentation
Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| V 2.0: AnyConnect VPN Session Event | Base Rule | Information | VPN Session Information |
| V 2.0: Session Connected Messages | Sub Rule | Network Traffic | Session Connected |
| V 2.0: Session Disconnected Messages | Sub Rule | Network Traffic | Disconnect Session |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | Flow start time. |
| N/A | N/A | N/A | Flow stop time. |
| N/A | <object> | Text/String | Device name. |
| type | <vendorinfo> | Text/String | Event Type |
| N/A | <action> | Text/String | N/A |
| Msg | <session> | Number | N/A |
| | <sip> | IP address | N/A |
| | <login> | Text/String | N/A |
| | <status>, <tag1> | Text/String | N/A |
| | <protname> | Text/String | N/A |
| | <days> | Number | N/A |
| | <hours> | Number | N/A |
| | <minutes> | Number | N/A |
| | <seconds> | Number | N/A |
| | <bytesout> | Number | N/A |
| | <bytesin> | Number | N/A |
| | <reason> | Text/String | N/A |
| | <dip> | IP address | N/A |
| | <subject> | Text/String | N/A |