Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 Host Profile Messages | Base Rule | General Profile Detection | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Type (type) | <vmid> | Text/String | Specifies the type of log; value is HIPMATCH. |
| Threat/Content Type (subtype) | <vendorinfo> | Number | Subtype of the HIP match log; unused. |
| Source User (srcuser) | <domainorigin> | Text/String | Username of the user who initiated the session. |
| Machine Name (machinename) | <sname> | Text/String | The name of the user's machine. |
| Source Address (src) | <sip> | IP Address | IP address of the source user. |
| HIP (matchname) | <object> | Text/String | Name of the HIP object or profile. |
| Repeat Count (repeatcnt) | <quantity> | Number | Number of times the HIP profile matched. |
| HIP Type (matchtype) | <objecttype> | Text/String | Whether the hip field represents a HIP object or a HIP profile. |
| Device Name (device_name) | <objectname> | Text/String | The hostname of the firewall on which the session was logged. |
| User Device Serial Number (serialnumber) | <serialnumber> | Text/String | Serial number of the user's machine or device. |
| Device MAC Address (mac)* | <smac> | Text/String | The MAC address of the user's machine or device. |
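The mapping table above, applied in code as an added example (not LogRhythm's or Palo Alto's own parser): a HIPMATCH record is normalised to the LogRhythm schema field names, with Number and IP Address fields coerced and validated. The `key=value` record layout and all sample values are constructed for the example and are not the vendor's log format.

```python
import ipaddress

# Device key -> (LogRhythm schema field, data type), taken from the mapping table.
HIPMATCH_SCHEMA = {
    "type": ("vmid", "text"),
    "subtype": ("vendorinfo", "number"),
    "srcuser": ("domainorigin", "text"),
    "machinename": ("sname", "text"),
    "src": ("sip", "ip"),
    "matchname": ("object", "text"),
    "repeatcnt": ("quantity", "number"),
    "matchtype": ("objecttype", "text"),
    "device_name": ("objectname", "text"),
    "serialnumber": ("serialnumber", "text"),
    "mac": ("smac", "text"),
}


def parse_kv(line):
    """Parse a constructed 'key=value,key=value' record into a dict (assumed layout)."""
    fields = {}
    for part in line.split(","):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def map_hipmatch(fields):
    """Rename device keys to LogRhythm schema fields and coerce by data type.

    Raises ValueError when the record is not a HIPMATCH log or a Number/IP
    value is malformed, so bad records are rejected instead of silently stored.
    """
    if fields.get("type") != "HIPMATCH":
        raise ValueError("not a HIPMATCH record")
    mapped = {}
    for key, (schema_field, dtype) in HIPMATCH_SCHEMA.items():
        if key not in fields:
            continue  # keys such as mac or serialnumber may be absent
        value = fields[key]
        if dtype == "number":
            value = int(value)                       # Number fields
        elif dtype == "ip":
            value = str(ipaddress.ip_address(value))  # IP Address field
        mapped[schema_field] = value
    return mapped


# Constructed sample record: field names from the table, values made up.
SAMPLE = ("type=HIPMATCH,subtype=0,srcuser=corp\\jdoe,machinename=LAPTOP-01,"
          "src=10.0.0.25,matchname=Disk-Encryption,repeatcnt=3,matchtype=profile,"
          "device_name=pa-fw-edge,serialnumber=SN-EXAMPLE-001,mac=00:11:22:33:44:55")

if __name__ == "__main__":
    print(map_hipmatch(parse_kv(SAMPLE)))
```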