V 2.0 Host Profile Messages 1
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
V 2.0 Host Profile Messages | Base Rule | General Profile Detection | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
Type (type) | <vmid> | Text/String | Specifies the type of log; value is HIPMATCH. |
Threat/Content Type (subtype) | <vendorinfo> | Number | Subtype of the HIP match log; unused. |
Source User (srcuser) | <domainorigin> <login> | Text/String | Username of the user who initiated the session. |
Machine Name (machinename) | <sname> | Text/String | The name of the user’s machine. |
Source Address (src) | <sip> | IP Address | IP address of the source user. |
HIP (matchname) | <object> | Text/String | Name of the HIP object or profile. |
Repeat Count (repeatcnt) | <quantity> | Number | Number of times the HIP profile matched. |
HIP Type (matchtype) | <objecttype> | Text/String | Whether the HIP field represents a HIP object or a HIP profile. |
Device Name (device_name) | <objectname> | Text/String | The hostname of the firewall on which the session was logged. |
User Device Serial Number (serialnumber) | <serialnumber> | Text/String | Serial number of the user’s machine or device. |
Device MAC Address (mac)* | <smac> | Text/String | The MAC address of the user’s machine or device. |