
V 2.0 : CloudGuard IaaS Events

Vendor Documentation


| Rule Name | Rule Type | Common Event | |
|---|---|---|---|
| V 2.0 : CloudGuard IaaS Events | Base Rule | General Information | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| subproduct | N/A | N/A | Can be vpn/non vpn |
| Product | <vmid> | Text/String | Product name |
| Originip | N/A | N/A | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| Action | <action> | Text/String | Description of detected malware activity |
| SIP | <sip> | IP Address | Source IP |
| SPort | <sport> | Number | Source host port number |
| DIP | <dip> | IP Address | Destination IP |
| dport | <dport> | Number | Destination host port number |
| protocol | <protnum> | Number | Protocol detected on the connection |
| ifname | <sinterface> | Text/String | The name of the Security Gateway interface through which a connection traverses |
| ifdirection | N/A | N/A | Connection direction |
| Reason | <reason> | Text/String | Information on the error that occurred |
| Rule | N/A | N/A | Matched rule number |
| Info | <subject> | Text/String | Special log message |
| XlateSIP | N/A | N/A | Source IPv4 after applying NAT |
| XlateSport | N/A | N/A | Source port after applying hide NAT on source IP |
| XlateDIP | N/A | N/A | Destination IPv4 after applying NAT |
| XlateDPort | N/A | N/A | Destination port after applying NAT |
| User | <login> | Text/String | Source user name |
| alert | N/A | N/A | Alert level of matched rule (for connection logs) |
| matched_category | N/A | N/A | Name of matched category |
| rule_name | N/A | N/A | Access rule name |
| Url | <url> | Text/String | Matched URL |
| time | N/A | N/A | The time stamp when the log was created. |
| Severity | <severity> | Number | Threat severity determined by ThreatCloud. Possible values: 0 - Informational, 1 - Low, 2 - Medium, 3 - High, 4 - Critical |
| flags | N/A | N/A | Check Point internal field |
| loguid | N/A | N/A | UUID of unified logs |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |