Skip to main content
Skip table of contents

V 2.0 : Attack Discovery Detection Event

Vendor Documentation


Rule Name

Rule Type


Common Event

V 2.0 : Attack Discovery Detection EventBase RuleAttackGeneral Attack Activity

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
Header (logVer)N/AN/ACEF format version
Header (vendor)N/AN/AAppliance vendor
Header (pname)N/AN/AAppliance product
Header (pver)N/AN/AAppliance version
Header (eventid)N/AN/AEvent ID
Header (eventName)<vmid>Text/StringLog name
Header (severity)N/AN/ASeverity
rtN/AN/ALog generation time in UTC
dhost<dname>Text/String/NumberEndpoint host name
dst<dip>IP AddressClient IPv4 address
c6a3<dip>IP AddressClient IPv6 address
customerExternalIDN/AN/AInstance ID
cn1LabelN/AN/ACorresponding label for the "cn1" field
cn1<severity>Number/Text/StringRisk Level
0: Unknown
100: Low risk
500: Medium risk
1000: High risk
cn2LabelN/AN/ACorresponding label for the "cn2" field
cn2N/AN/APattern Number
cs1LabelN/AN/ACorresponding label for the "cs1" field
cs1<policy>Text/StringRule ID
cat<subject>Text/StringCategory ID
cs2LabelN/AN/ACorresponding label for the "cs2" field
cs2N/AN/AAttack Discovery object information
deviceNtDomain<domainimpacted>Text/StringActive Directory domain
dntdomN/AN/AApex One domain hierarchy
TMCMLogDetectedHostN/AN/AEndpoint name where the log event occurred
TMCMLogDetectedIPN/AN/AIP address where the log event occurred
ApexCentralHostN/AN/AApex Central host name
devicePayloadIdN/AN/AUnique message GUID
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.