V 2.0 Data/File/Virus/Spyware Threat Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 Data/File/Virus/Spyware Threat Messages | Base Rule | General Threat Message | Activity |
| V 2.0 Spyware Alert | Sub Rule | Possible Spyware Activity | Malware |
| V 2.0 Spyware Allowed | Sub Rule | Possible Spyware Activity | Malware |
| V 2.0 Spyware Denied | Sub Rule | Possible Spyware Activity | Malware |
| V 2.0 Spyware Dropped | Sub Rule | Possible Spyware Activity | Malware |
| V 2.0 Spyware Activity | Sub Rule | Failed Spyware Activity | Failed Malware |
| V 2.0 DLP Alert | Sub Rule | General Alert Log Message | Activity |
| V 2.0 DLP Event Allowed | Sub Rule | Traffic Allowed by DLP | Network Allow |
| V 2.0 DLP Event Denied | Sub Rule | Traffic Denied by DLP | Network Deny |
| V 2.0 DLP Event Dropped | Sub Rule | Traffic Denied by DLP | Network Deny |
| V 2.0 DLP Event | Sub Rule | Traffic Denied by DLP | Network Deny |
| V 2.0 Potentially Threatening File Alert | Sub Rule | Potentially Threatening File Observed | Activity |
| V 2.0 Potentially Threatening File Allowed | Sub Rule | Potentially Threatening File Observed | Activity |
| V 2.0 Potentially Threatening File Denied | Sub Rule | Failed Suspicious Activity | Failed Suspicious |
| V 2.0 Potentially Threatening File Dropped | Sub Rule | Failed Suspicious Activity | Failed Suspicious |
| V 2.0 Potentially Threatening File | Sub Rule | Threat Blocked | Failed Activity |
| V 2.0 Virus Alert | Sub Rule | Possible Virus Activity | Malware |
| V 2.0 Virus Allow | Sub Rule | Detected Virus Activity | Malware |
| V 2.0 Virus Denied | Sub Rule | Failed Virus Activity | Failed Malware |
| V 2.0 Virus Drop | Sub Rule | Failed Virus Activity | Failed Malware |
| V 2.0 Virus Activity | Sub Rule | Threat Blocked | Failed Activity |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vmid> | Text/String |
| N/A | <vendorinfo>, <tag1> | Text/String |
| N/A | <sip> | IP Address |
| N/A | <dip> | IP Address |
| N/A | <snatip> | IP Address |
| N/A | <dnatip> | IP Address |
| N/A | <policy> | Text/String |
| N/A | <domainorigin>, <login> | Text/String |
| N/A | <domainimpacted>, <account> | Text/String |
| N/A | <sinterface> | Text/String |
| N/A | <dinterface> | Text/String |
| N/A | <session> | Number |
| N/A | <quantity> | Number |
| N/A | <sport> | Number |
| N/A | <dport> | Number |
| N/A | <snatport> | Number |
| N/A | <dnatport> | Number |
| N/A | <protname> | Text/String |
| N/A | <action>, <tag2> | Text/String |
| N/A | <object> | Text/String |
| N/A | <threatname> | Text/String |
| N/A | <threatid> | Number |
| N/A | <subject> | Text/String |
| N/A | <severity> | Text/String |
| N/A | <sender> | Text/String |
| N/A | <recipient> | Text/String |
| N/A | <objectname> | Text/String |