V 2.0 General DNS Signature Information
Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
Log Field | LogRhythm Default | LogRhythm Default v2.0 |
---|---|---|
Type (type) | N/A | <vmid> |
Content/Threat Type (subtype) | N/A | <vendorinfo> |
Event ID (eventid) | N/A | <action> |
Object (object) | N/A | <object> |
Severity (severity) | <severity> | <severity> |
Description (opaque) | <subject> <tag1> <version> <dname> <dip> <tag2> | <subject> |
Device Name (device_name) | N/A | <objectname> |
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
Regex ID | Rule Name | Rule Type | Common Events | Classifications |
---|---|---|---|---|
1004489 | Catch All : System Messages | Base Rule | General System Information | Information |
All DNS Proxy Cache Entries Were Cleared | Sub Rule | Cache Information | Information | |
Antivirus Update Job Succeeded | Sub Rule | Process/Service Stopped | Startup and Shutdown | |
Auto Update Agent Found No New WildFire Updates | Sub Rule | General Automatic Updates Information | Information | |
EBL Refresh Aborted : No Changes To List | Sub Rule | No Change Detected In Signature File | Information | |
NTP Restart Synchronization Performed | Sub Rule | System Clock Synchronized | Information | |
User Information Refreshed | Sub Rule | Updated User Data | Information | |
WildFire Update Job Succeeded | Sub Rule | Process/Service Stopped | Startup and Shutdown | |
Communication Error : Fail WildFire Upgrade Check | Sub Rule | Communication Failure | Error | |
Antivirus Version Does Not Match | Sub Rule | General Antivirus Warning | Warning | |
Wildfire Auto Update Failed | Sub Rule | Software Update Failed | Error | |
Antivirus : Upload Deployment Job Failed | Sub Rule | File Upload Failed | Error | |
Antivirus : Upload Deployment Job Succeeded | Sub Rule | File Uploaded | Information | |
Content : Upload Deployment Job Failed | Sub Rule | File Upload Failed | Error | |
Content : Upload Deployment Job Succeeded | Sub Rule | File Uploaded | Information | |
License : Upload Deployment Job Failed | Sub Rule | File Upload Failed | Error | |
Antivirus Install Failed | Sub Rule | General Software Installation Error | Error | |
Antivirus Install Succeeded | Sub Rule | Software Installed | Configuration | |
License Install Failed | Sub Rule | License Warning | Warning | |
License Install Succeeded | Sub Rule | License Installed | Information | |
Succeeded Exporting Config Bundle Via SSH | Sub Rule | Configuration Exporting | Other Audit Success | |
Traffic And Logging Resumed | Sub Rule | General Traffic Other Alert | Critical | |
Abnormal System Memory Usage | Sub Rule | Memory Usage Exceeded The Threshold | Warning | |
Traffic And Logging Are Resumed | Sub Rule | General Traffic Other Alert | Critical | |
Route Removed | Sub Rule | Static Route Removed | Information | |
Route Recovered | Sub Rule | Route Created | Information |
LogRhythm Default v2.0
Regex ID | Rule Name | Rule Type | Common Events | Classifications |
---|---|---|---|---|
1010863 | V 2.0 General DNS Signature Information | Base Rule | General Information | Information |