V 2.0 : DLP Logs
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : DLP Logs | Base Rule | General DLP Message | Information |
| V 2.0 : DLP Logs Block | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : DLP Logs Monitor | Sub Rule | Service Monitoring | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Timestamp | N/A | N/A | The timestamp of the request transaction in UTC. |
| Event Type | N/A | N/A | The type of event that matched a data identifier. Inline (a proxy request) is currently the only event type. |
| Unique Event ID | N/A | N/A | The unique identifier for the event. There can be multiple violation matches in one event. |
| Severity | <severity> | Text/String | The severity of the rule (Low, Medium, High, or Critical). |
| Identity | N/A | N/A | The source that triggered the violation. |
| Owner | N/A | N/A | The owner of the file. |
| Name | <object> | Text/String | The name of the file. |
| Application | <process> | Text/String | The application of the request. |
| Destination | <domainorigin> | Text/String | The domain of the request. |
| Action | <action> <tag1> | Text/String | Whether the violation was Blocked or Monitored. |
| Rule | <policy> | Text/String | The DLP rule name. |
| Data Classification | N/A | N/A | The data classification whose data identifier matched on the violation. |
| Data Identifier | N/A | N/A | The data identifier that matched on the request. |
| Content Type | N/A | N/A | The MIME type of the file that matches the data identifier. |
| File Size | <size> | Number | The size of the file. |
| SHA256 Hash | <hash> | Text/String | The hex digest of the response content. |