V 2.0 IDS Alerts
Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| V 2.0 IDS Alerts | Base Rule | Information | General IDS Signature Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | flow start time |
| N/A | N/A | N/A | flow stop time |
| N/A | <object> | Text/String | device |
| N/A | <vendorinfo> | Text/String | event type |
| signature | <threatid> | Text/String/Number | signature |
| priority | <severity> | Number | priority |
| timestamp | N/A | N/A | N/A |
| direction | N/A | N/A | direction |
| protocol | <protname> | Text/String | protocol |
| src | <sip> <sport> | IP Address Number | N/A |
| dhost | <dmac> | Text/String | N/A |
| dst | <dip> <dport> | IP Address Number | N/A |
| decision | <result> | Text/String | N/A |
| action | <action> | Text/String | N/A |
| message | <subject> | Text/String | N/A |