V 2.0 Flow Allowed/Denied By Layer 3 Firewall Evt
Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| V 2.0 Flow Allowed/Denied By Layer 3 Firewall Evt | Base Rule | Network Traffic | Flow Activity |
| V 2.0 Flow Allowed | Sub Rule | Network Allow | Traffic Allowed by Network Firewall |
| V 2.0 Flow Denied | Sub Rule | Network Deny | Traffic Denied by Network Firewall |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | flow start time |
| N/A | N/A | N/A | flow stop time |
| N/A | <object> | Text/String | device |
| N/A | <vendorinfo> | Text/String | event type |
| N/A | <action> <tag1> | Text/String Text/String | description |
| src | <sip> | IP Address | src_ip |
| dst | <dip> | IP Address | dst_ip |
| mac | <dmac> | Text/String | mac_addr |
| protocol | <protname> | Text/String | N/A |
| sport | <sport> | Number | src_port |
| dport | <dport> | Number | dst_port |