V 2.0 : HTTPS Inspection Events
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : HTTPS Inspection Events | Base Rule | General Network Traffic | Network Traffic |
| V 2.0 : HTTPS Inspect : Action Failed | Sub Rule | Action Failure | Error |
| V 2.0 : HTTPS Inspect : Action Started | Sub Rule | Start Action | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Subproduct | N/A | N/A | Can be VPN or non-VPN |
| Product | <vmid> | Text/String | Product name |
| Originip | <dip> | IP Address | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| SIP | <sip> | IP Address | Source IP |
| SPort | <sport> | Number | Source host port number |
| DIP | N/A | N/A | Destination IP |
| dport | <dport> | Number | Destination port |
| ifname | <sinterface> | Text/String | The name of the Security Gateway interface through which a connection traverses |
| ifdirection | N/A | N/A | Connection direction |
| dst_machine_name | <dname> | Text/String | Machine name connected to destination IP |
| src_machine_name | <sname> | Text/String | Machine name connected to source IP |
| Action | <action> | Text/String | N/A |
| protocol | <protnum> | Number | Protocol detected on the connection |
| Url | N/A | N/A | N/A |
| User | N/A | N/A | Source user name |
| src_user_name | <login> | Text/String | User name connected to source IP |
| dst_user_name | <account> | Text/String | Connected user name on the destination IP |
| app_category | N/A | N/A | N/A |
| matched_category | N/A | N/A | Name of matched category |
| HTTPS_inspection_rule_name | N/A | N/A | Name of the matched rule |
| time | N/A | N/A | The time stamp when the log was created |
| Severity | <severity> | Number | Threat severity determined by ThreatCloud Possible values: 0 - Informational 1 - Low 2 - Medium 3 - High 4 - Critical |
| description | <vendorinfo> | Text/String | N/A |
| Reason | <reason> | Text/String | Information on the error occurred |
| alert | N/A | N/A | Alert level of matched rule (for connection logs) |
| status | <status> <tag1> | Text/String | N/A |
| flags | N/A | N/A | Checkpoint internal field |
| loguid | N/A | N/A | UUID of unified logs |
| originsicname | N/A | N/A | Machine SIC |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
| version | N/A | N/A | N/A |
| failure_impact | <result> | Text/String | The impact of update service failure |
| update_service | N/A | N/A | Checkpoint internal field |
| version | N/A | N/A | N/A |