V 2.0 Firewall Event
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
V 2.0 Firewall Event | Base Rule | Information | General Firewall Event |
V 2.0 Traffic Blocked | Sub Rule | Network Deny | Traffic Denied by Network Firewall |
V 2.0 Traffic Allowed | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
V 2.0 Traffic Allowed_Pattern | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
V 2.0 Traffic Blocked_Pattern | Sub Rule | Network Deny | Traffic Denied by Network Firewall |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
N/A | N/A | N/A | Flow start time. |
N/A | N/A | N/A | Flow stop time. |
N/A | <object> | Text/String | Device name. |
N/A | <vendorinfo> | Text/String | N/A |
src | <sip> | IP Address | N/A |
dst | <dip> | IP Address | N/A |
mac | <smac> | Text/String/Number | N/A |
protocol | <protname> | Text/String | N/A |
sport | <sport> | Number | N/A |
dport | <dport> | Number | N/A |
pattern | <action> <tag2> | Text/String | N/A |
decision | <result> <tag1> | Text/String | N/A |