Skip to main content
Skip table of contents

V 2.0 : Content Awareness Events

Vendor Documentation


Rule NameRule TypeCommon EventClassification
V 2.0 : Content Awareness EventsBase RuleGeneral Network TrafficNetwork Traffic
V 2.0 : Content Awareness : Traffic AcceptSub RuleTraffic Allowed by Network FirewallNetwork Allow
V 2.0 : Content Awareness : Traffic RejectSub RuleTraffic Denied by Network FirewallNetwork Deny
V 2.0 : Content Awareness : Traffic AllowSub RuleTraffic Allowed by Network FirewallNetwork Allow
V 2.0 : Content Awareness : Traffic BlockSub RuleTraffic Denied by Network FirewallNetwork Deny

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
Product<vmid>Text/StringProduct name
OriginipN/AN/AIP of the log origin 
SIP<sip>IP AddressSource IP
OriginN/AN/AName of the first Security Gateway that reported this event
src_machine_nameN/AN/AMachine name connected to source IP
DIP<dip>IP AddressDestination IP
dst_machine_nameN/AN/AMachine name connected to destination IP
dport<dport>NumberDestination host port number
protocol<protnum>NumberProtocol detected on the connection
ifnameN/AN/AThe name of the Security Gateway interface, through which a connection traverses
ifdirectionN/AN/AConnection direction
UserN/AN/ASource user name
src_user_nameN/AN/AUser name connected to source IP
dst_user_nameN/AN/AConnected user name on the destination IP
file_name<object>NumberFile name
file_directionN/AN/AFile direction
Possible options: upload, download
file_type<objecttype>Text/StringClassified file type
file_size<size>NumberAttachment file size / Matched file size
data_type_nameN/AN/AData type in rulebase that was matched
file_id<object>NumberUnique file identifier
invalid_file_sizeN/AN/Afile_size field is valid only if this field is set to 0
top_archive_file_nameN/AN/AIn case of archive file: the file that was sent/received
connection_luuidN/AN/ACalculation of md5 of the IP and user name as UID
alertN/AN/AAlert level of matched rule (for connection logs)
loguidN/AN/AUUID of unified logs 
originsicnameN/AN/AMachine SIC 
sequencenumN/AN/ANumber added to order logs with the same Linux timestamp and origin
data_type_nameN/AN/AData type in rule base that was matched
specific_data_type_nameN/AN/ACompound/Group scenario, data type that was matched
word_listN/AN/AWords matched by data type
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.