Vendor Documentation
Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : DLP Logs | Base Rule | General DLP Message | Information |
| V 2.0 : DLP Logs Block | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : DLP Logs Monitor | Sub Rule | Service Monitoring | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Timestamp | N/A | N/A | The timestamp of the request transaction in UTC. |
| Event Type | N/A | N/A | The type of event that matched a data identifier. Inline, a proxy request, is the only current event type. |
| Unique Event ID | N/A | N/A | The unique identifier for the event. There can be multiple violation matches in one event. |
| Severity | `<severity>` | Text/String | The severity of the rule (Low, Medium, High, or Critical). |
| Identity | N/A | N/A | The source that triggered the violation. |
| Owner | N/A | N/A | The owner of the file. |
| Name | `<object>` | Text/String | The name of the file. |
| Application | `<process>` | Text/String | The application of the request. |
| Destination | `<domainorigin>` | Text/String | The domain of the request. |
| Action | `<action>` | Text/String | Whether the violation was Blocked or Monitored. |
| Rule | `<policy>` | Text/String | The DLP rule name. |
| Data Classification | N/A | N/A | The data classification whose data identifier matched on the violation. |
| Data Identifier | N/A | N/A | The data identifier that matched on the request. |
| Content Type | N/A | N/A | The MIME type of the file that matches the data identifier. |
| File Size | `<size>` | Number | The size of the file. |
| SHA256 Hash | `<hash>` | Text/String | The hex digest of the response content. |