Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0: IIS W3C Events | Base Rule | General IIS Activity | Information |
| V 2.0: HTTP POST 400: Bad Request | Sub Rule | HTTP 400: Bad Request | Error |
| V 2.0: HTTP POST 401: Unauthorized | Sub Rule | HTTP 401: Unauthorized | Error |
| V 2.0: HTTP POST 402: Request Err - Payment Req | Sub Rule | HTTP 402: Request Error - Payment Required | Error |
| V 2.0: HTTP POST 403: Forbidden | Sub Rule | HTTP 403: Forbidden | Error |
| V 2.0: HTTP POST 404: Not Found | Sub Rule | HTTP 404: Not Found | Error |
| V 2.0: HTTP POST 405: Method Not Allowed | Sub Rule | HTTP 405: Method Not Allowed | Error |
| V 2.0: HTTP POST 406: Not Acceptable | Sub Rule | HTTP 406: Not Acceptable | Error |
| V 2.0: HTTP POST 407: Proxy Authentication Req | Sub Rule | HTTP 407: Proxy Authentication Required | Error |
| V 2.0: HTTP POST 408: Request Timeout | Sub Rule | HTTP 408: Request Timeout | Error |
| V 2.0: HTTP POST 409: Conflict | Sub Rule | HTTP 409: Conflict | Error |
| V 2.0: HTTP POST 410: Gone | Sub Rule | HTTP 410: Gone | Error |
| V 2.0: HTTP POST 411: Length Required | Sub Rule | HTTP 411: Length Required | Error |
| V 2.0: HTTP POST 412: Precondition Failed | Sub Rule | HTTP 412: Precondition Failed | Error |
| V 2.0: HTTP POST 413: Request Entity Too Large | Sub Rule | HTTP 413: Request Entity Too Large | Error |
| V 2.0: HTTP POST 414: Request-URI Too Long | Sub Rule | HTTP 414: Request-URI Too Long | Error |
| V 2.0: HTTP POST 415: Unsupported Media Type | Sub Rule | HTTP 415: Unsupported Media Type | Error |
| V 2.0: HTTP POST 416: Requested Range Not Satisf | Sub Rule | HTTP 416: Requested Range Not Satisfiable | Error |
| V 2.0: HTTP POST 417: Expectation Failed | Sub Rule | HTTP 417: Expectation Failed | Error |
| V 2.0: HTTP POST 440: Req Error - Login Timeout | Sub Rule | HTTP 440: Request Error - Login Timeout | Error |
| V 2.0: HTTP POST 500 :Server Err - Int Server Err | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| V 2.0: HTTP POST 501: Server Err - Not Implement | Sub Rule | HTTP 501: Server Error - Not Implemented | Error |
| V 2.0: HTTP POST 502: Server Error - Bad Gateway | Sub Rule | HTTP 502: Server Error - Bad Gateway | Error |
| V 2.0: HTTP POST 503: Service Unavailable | Sub Rule | HTTP 503: Service Unavailable | Error |
| V 2.0: HTTP POST 504: Server Err -Gateway Timeout | Sub Rule | HTTP 504: Server Error - Gateway Time-Out | Error |
| V 2.0: HTTP POST 505: Server Err -HTTP Ver Unsupp | Sub Rule | HTTP 505: Server Error - HTTP Ver Unsupported | Error |
| V 2.0: HTTP POST 995: SSL Operation Aborted | Sub Rule | HTTP 995: Request Error - SSL Operation Aborted | Error |
| V 2.0: HTTP POST 100: Continue | Sub Rule | HTTP 100: Continue | Information |
| V 2.0: HTTP POST 101: Transition Status- Protocol | Sub Rule | HTTP 101: Transition Status - Protocol Switch | Information |
| V 2.0: HTTP POST 200: Success Reply - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| V 2.0: HTTP POST 201: Success Reply - Created | Sub Rule | HTTP 201: Success Reply - Created | Information |
| V 2.0: HTTP POST 202: Success Reply - Accepted | Sub Rule | HTTP 202: Success Reply - Accepted | Information |
| V 2.0: HTTP POST 203: Success Reply - Non-auth | Sub Rule | HTTP 203: Success Reply - Nonauthoritative Info | Information |
| V 2.0: HTTP POST 204: Success Reply - No Content | Sub Rule | HTTP 204: Success Reply - No Content | Information |
| V 2.0: HTTP POST 205: Success Reply-Reset Content | Sub Rule | HTTP 205: Success Reply - Reset Content | Information |
| V 2.0 :HTTP POST 206: Success Rep -Partial Content | Sub Rule | HTTP 206: Success Reply - Partial Content | Information |
| V 2.0: HTTP POST 207: Success - Multistatus Resp | Sub Rule | HTTP 207: Success - Multistatus Response | Information |
| V 2.0: HTTP POST 300: Redirect - Multiple Choice | Sub Rule | HTTP 300: Redirect - Multiple Choices | Information |
| V 2.0: HTTP POST 301: Redirect - Moved Permanent | Sub Rule | HTTP 301: Redirect - Moved Permanently | Information |
| V 2.0: HTTP POST 302: Redirect - Moved Temporary | Sub Rule | HTTP 302: Redirect - Moved Temporarily | Information |
| V 2.0: HTTP POST 303: Redirect - See Other | Sub Rule | HTTP 303: Redirect - See Other | Information |
| V 2.0: HTTP POST 304: Redirect - Not Modified | Sub Rule | HTTP 304: Redirect - Not Modified | Information |
| V 2.0: HTTP POST 305: Redirect - Use Proxy | Sub Rule | HTTP 305: Redirect - Use Proxy | Information |
| V 2.0: HTTP POST 306: Redirect - Unused | Sub Rule | HTTP 306: Redirect - Unused | Information |
| V 2.0 :HTTP POST 307: Redirect -Temporary Redirect | Sub Rule | HTTP 307: Redirect - Temporary Redirect | Information |
| V 2.0: HTTP GET 100: Transitional - Continue | Sub Rule | HTTP 100: Continue | Information |
| V 2.0: HTTP GET 101: Transitional - Proto Switch | Sub Rule | HTTP 101: Transition Status - Protocol Switch | Information |
| V 2.0: HTTP GET 200: Success - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| V 2.0: HTTP GET 201: Success - Created | Sub Rule | HTTP 201: Success Reply - Created | Information |
| V 2.0: HTTP GET 202: Success - Accepted | Sub Rule | HTTP 202: Success Reply - Accepted | Information |
| V 2.0: HTTP GET 203: Success - Nonauthoritative | Sub Rule | HTTP 203: Success Reply - Nonauthoritative Info | Information |
| V 2.0: HTTP GET 204: Success - No Content | Sub Rule | HTTP 204: Success Reply - No Content | Information |
| V 2.0: HTTP GET 205: Success - Reset Content | Sub Rule | HTTP 205: Success Reply - Reset Content | Information |
| V 2.0: HTTP GET 206: Success - Partial Content | Sub Rule | HTTP 206: Success Reply - Partial Content | Information |
| V 2.0: HTTP GET 207: Success - Mult Response | Sub Rule | HTTP 207: Success - Multistatus Response | Information |
| V 2.0: HTTP GET 300: Redirect - Multiple Choices | Sub Rule | HTTP 300: Redirect - Multiple Choices | Information |
| V 2.0: HTTP GET 301: Redirect - Moved Permanentl | Sub Rule | HTTP 301: Redirect - Moved Permanently | Information |
| V 2.0: HTTP GET 302: Redirect- Moved Temporarily | Sub Rule | HTTP 302: Redirect - Moved Temporarily | Information |
| V 2.0: HTTP GET 303: Redirect - See Other | Sub Rule | HTTP 303: Redirect - See Other | Information |
| V 2.0: HTTP GET 304: Redirect - Not Modified | Sub Rule | HTTP 304: Redirect - Not Modified | Information |
| V 2.0: HTTP GET 305: Redirect - Use Proxy | Sub Rule | HTTP 305: Redirect - Use Proxy | Information |
| V 2.0: HTTP GET 306: Redirect - Unused | Sub Rule | HTTP 306: Redirect - Unused | Information |
| V 2.0: HTTP GET 307: Redirect-Temporary Redirect | Sub Rule | HTTP 307: Redirect - Temporary Redirect | Information |
| V 2.0: HTTP GET 400: Req Error - Bad Request | Sub Rule | HTTP 400: Bad Request | Error |
| V 2.0: HTTP GET 401: Req Error - Unauthorized | Sub Rule | HTTP 401: Unauthorized | Error |
| V 2.0: HTTP GET 402: Req Error-Payment Required | Sub Rule | HTTP 402: Request Error - Payment Required | Error |
| V 2.0: HTTP GET 403: Req Error - Forbidden | Sub Rule | HTTP 403: Forbidden | Error |
| V 2.0: HTTP GET 404: Req Error - Not Found | Sub Rule | HTTP 404: Not Found | Error |
| V 2.0: HTTP GET 405: Req Error-Method Not Allowed | Sub Rule | HTTP 405: Request Error - Method Not Allowed | Error |
| V 2.0: HTTP GET 406: Req Error - Not Acceptable | Sub Rule | HTTP 406: Not Acceptable | Error |
| V 2.0: HTTP GET 407: Req Error-Proxy Auth Request | Sub Rule | HTTP 407: Request Error - Proxy Auth Required | Error |
| V 2.0: HTTP GET 408: Req Error -Request Time Out | Sub Rule | HTTP 408: Request Error - Request Time-Out | Error |
| V 2.0: HTTP GET 409: Req Error - Conflict | Sub Rule | HTTP 409: Request Error - Conflict | Error |
| V 2.0: HTTP GET 410: Req Error - Gone | Sub Rule | HTTP 410: Request Error - Gone | Error |
| V 2.0: HTTP GET 411: Req Error - Length Required | Sub Rule | HTTP 411: Request Error - Length Required | Error |
| V 2.0 :HTTP GET 412: Req Error-Precondition Failed | Sub Rule | HTTP 412: Request Error - Precondition Failed | Error |
| V 2.0: HTTP GET 413: Req Error-Req Item Too Big | Sub Rule | HTTP 413: Request Error - Request Item Too Big | Error |
| V 2.0: HTTP GET 414: Req Error-Req URL Too Large | Sub Rule | HTTP 414: Request-URI Too Long | Error |
| V 2.0: HTTP GET 415: Req Error -Unsupported Type | Sub Rule | HTTP 415: Request Error - Unsupported Type | Error |
| V 2.0 :HTTP GET 416: Req Error-Req Rng Unfillable | Sub Rule | HTTP 416: Request Error - Range Unfillable | Error |
| V 2.0: HTTP GET 417: Req Error -Expectation Failed | Sub Rule | HTTP 417: Request Error - Expectation Failed | Error |
| V 2.0: HTTP GET 440: Client Error -Login Timeout | Sub Rule | HTTP 440: Request Error - Login Timeout | Error |
| V 2.0: HTTP GET 500: Svr Err -Internal Server Err | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| V 2.0: HTTP GET 501: Svr Error - Not Implemented | Sub Rule | HTTP 501: Server Error - Not Implemented | Error |
| V 2.0: HTTP GET 502: Svr Error - Bad Gateway | Sub Rule | HTTP 502: Server Error - Bad Gateway | Error |
| V 2.0: HTTP GET 503: Svr Err-Service Unavailable | Sub Rule | HTTP 503: Server Error - Service Unavailable | Error |
| V 2.0: HTTP GET 504: Svr Error -Gateway Time Out | Sub Rule | HTTP 504: Server Error - Gateway Time-Out | Error |
| V 2.0 :HTTP GET 505: Svr Error-HTTP Ver Unsupported | Sub Rule | HTTP 505: Server Error - HTTP Ver Unsupported | Error |
| V 2.0: GET Request | Sub Rule | HTTP GET Method Event | Information |
| V 2.0: POST Request | Sub Rule | HTTP POST Method Event | Information |
| V 2.0: RPC_OUT_DATA: 200 - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| V 2.0: RPC_IN_DATA: 404 - Not Found | Sub Rule | HTTP 404: Not Found | Error |
| V 2.0: RPC_OUT_DATA: 404 - Not Found | Sub Rule | HTTP 404: Not Found | Error |
| V 2.0: RPC_IN_DATA: 200 - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| V 2.0: PROPFIND Request | Sub Rule | Webdav Protocol PROPFIND Method | Activity |
| V 2.0: HEAD Request | Sub Rule | HTTP Head | Activity |
| V 2.0: HTTP 440: Client Error - Login Timeout | Sub Rule | HTTP 440: Request Error - Login Timeout | Error |
| V 2.0: HTTP 207: Success - Multistatus Response | Sub Rule | HTTP 207: Success - Multistatus Response | Information |
| V 2.0: HTTP 100: Transitional - Continue | Sub Rule | HTTP 100: Transition Status - Continue | Information |
| V 2.0: HTTP 101: Transitional - Protocol Switch | Sub Rule | HTTP 101: Transition Status - Protocol Switch | Information |
| V 2.0: HTTP 200: Success - OK | Sub Rule | HTTP 200: Success Reply - OK | Information |
| V 2.0: HTTP 201: Success - Created | Sub Rule | HTTP 201: Success Reply - Created | Information |
| V 2.0: HTTP 202: Success - Accepted | Sub Rule | HTTP 202: Success Reply - Accepted | Information |
| V 2.0: HTTP 203: Success - Nonauthoritative Info | Sub Rule | HTTP 203: Success Reply - Nonauthoritative Info | Information |
| V 2.0: HTTP 204: Success - No Content | Sub Rule | HTTP 204: Success Reply - No Content | Information |
| V 2.0: HTTP 205: Success - Reset Content | Sub Rule | HTTP 205: Success Reply - Reset Content | Information |
| V 2.0: HTTP 206: Success - Partial Content | Sub Rule | HTTP 206: Success Reply - Partial Content | Information |
| V 2.0: HTTP 300: Redirect - Multiple Choices | Sub Rule | HTTP 300: Redirect - Multiple Choices | Information |
| V 2.0: HTTP 301: Redirect - Moved Permanently | Sub Rule | HTTP 301: Redirect - Moved Permanently | Information |
| V 2.0: HTTP 302: Redirect - Moved Temporarily | Sub Rule | HTTP 302: Redirect - Moved Temporarily | Information |
| V 2.0: HTTP 303: Redirect - See Other | Sub Rule | HTTP 303: Redirect - See Other | Information |
| V 2.0: HTTP 304: Redirect - Not Modified | Sub Rule | HTTP 304: Redirect - Not Modified | Information |
| V 2.0: HTTP 305: Redirect - Use Proxy | Sub Rule | HTTP 305: Redirect - Use Proxy | Information |
| V 2.0: HTTP 306: Redirect - Unused | Sub Rule | HTTP 306: Redirect - Unused | Information |
| V 2.0: HTTP 307: Redirect - Temporary Redirect | Sub Rule | HTTP 307: Redirect - Temporary Redirect | Information |
| V 2.0: HTTP 400: Req Error - Bad Request | Sub Rule | HTTP 400: Request Error - Bad Request | Error |
| V 2.0: HTTP 401: Req Error - Unauthorized | Sub Rule | HTTP 401: Request Error - Unauthorized | Error |
| V 2.0: HTTP 402: Req Error - Payment Required | Sub Rule | HTTP 402: Request Error - Payment Required | Error |
| V 2.0: HTTP 403: Req Error - Forbidden | Sub Rule | HTTP 403: Request Error - Forbidden | Error |
| V 2.0: HTTP 404: Req Error - Not Found | Sub Rule | HTTP 404: Request Error - Not Found | Error |
| V 2.0: HTTP 405: Req Error - Method Not Allowed | Sub Rule | HTTP 405: Request Error - Method Not Allowed | Error |
| V 2.0: HTTP 406: Req Error - Not Acceptable | Sub Rule | HTTP 406: Request Error - Not Acceptable | Error |
| V 2.0: HTTP 407: Req Error -Proxy Auth Requested | Sub Rule | HTTP 407: Request Error - Proxy Auth Required | Error |
| V 2.0: HTTP 408: Req Error - Request Time Out | Sub Rule | HTTP 408: Request Error - Request Time-Out | Error |
| V 2.0: HTTP 409: Req Error - Conflict | Sub Rule | HTTP 409: Request Error - Conflict | Error |
| V 2.0: HTTP 410: Req Error - Gone | Sub Rule | HTTP 410: Request Error - Gone | Error |
| V 2.0: HTTP 411: Req Error - Length Required | Sub Rule | HTTP 411: Request Error - Length Required | Error |
| V 2.0: HTTP 412: Req Error - Precondition Failed | Sub Rule | HTTP 412: Request Error - Precondition Failed | Error |
| V 2.0: HTTP 413: Req Error - Req Item Too Big | Sub Rule | HTTP 413: Request Error - Request Item Too Big | Error |
| V 2.0: HTTP 414: Req Error - Req URL Too Large | Sub Rule | HTTP 414: Request Error - Request-URL Too Large | Error |
| V 2.0: HTTP 415: Req Error - Unsupported Type | Sub Rule | HTTP 415: Request Error - Unsupported Type | Error |
| V 2.0: HTTP 416: Req Error - Req Rng Unfillable | Sub Rule | HTTP 416: Request Error - Range Unfillable | Error |
| V 2.0: HTTP 417: Req Error - Expectation Failed | Sub Rule | HTTP 417: Request Error - Expectation Failed | Error |
| V 2.0: HTTP 500: Svr Error - Internal Server Err | Sub Rule | HTTP 500: Server Error - Internal Server Error | Error |
| V 2.0: HTTP 501: Svr Error - Not Implemented | Sub Rule | HTTP 501: Server Error - Not Implemented | Error |
| V 2.0: HTTP 502: Svr Error - Bad Gateway | Sub Rule | HTTP 502: Server Error - Bad Gateway | Error |
| V 2.0: HTTP 503: Svr Error - Service Unavailable | Sub Rule | HTTP 503: Server Error - Service Unavailable | Error |
| V 2.0: HTTP 504: Svr Error - Gateway Time Out | Sub Rule | HTTP 504: Server Error - Gateway Time-Out | Error |
| V 2.0: HTTP 505: Svr Error - HTTP Ver Unsupporte | Sub Rule | HTTP 505: Server Error - HTTP Ver Unsupported | Error |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | date - The date on which the activity occurred. |
| N/A | N/A | N/A | time - The time, in coordinated universal time (UTC), at which the activity occurred. |
| N/A | <process> | Text/String | s-sitename - The Internet service name and instance number that was running on the client. |
| N/A | <dname> | Text/String | s-computername - The name of the server on which the log file entry was generated. |
| N/A | <dip> | IP Address | s-ip - The IP address of the server on which the log file entry was generated. |
| N/A | <command> | Text/String | cs-method - The requested verb; for example, a GET method. |
| N/A | <url> | Text/String | cs-uri-stem - The target of the verb; for example, Default.htm. |
| N/A | <object> | Text/String | cs-uri-query - The query, if any, that the client was trying to perform. A Universal Resource Identifier (URI) query is necessary only for dynamic pages. |
| N/A | <dport> | Number | s-port - The server port number that is configured for the service. |
| N/A | <login> | Text/String | cs-username - The name of the authenticated user that accessed the server. Anonymous users are indicated by a hyphen. |
| N/A | <sip> | IP Address | c-ip - The IP address of the client that made the request. |
| N/A | <version> | Text/String | cs-version - The HTTP protocol version that the client used. |
| N/A | <useragent> | Text/String | cs(User-Agent) - The browser type that the client used. |
| N/A | N/A | N/A | cs(Cookie) - The content of the cookie sent or received, if any. |
| N/A | N/A | N/A | cs(Referer) - The site that the user last visited. This site provided a link to the current site. |
| N/A | N/A | N/A | cs-host - The host header name, if any. |
| N/A | <responsecode> | Number | sc-status - The HTTP status code. |
| N/A | N/A | N/A | sc-substatus - The substatus error code. |
| N/A | N/A | N/A | sc-win32-status - The Windows status code. |
| N/A | <bytesin> | Number | sc-bytes - The number of bytes sent by the server. |
| N/A | <bytesout> | Number | cs-bytes - The number of bytes received and processed by the server. |
| N/A | <milliseconds> | Number | time-taken - The length of time that the action took, in milliseconds. |