V 2.0 : Inbound SEP Malicious Activity Detected
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Inbound SEP Malicious Activity Detected | Base Rule | Suspicious Activity | Suspicious |
V 2.0 : Inbound SEP Identified Attack Sign. Detect | Sub Rule | General Attack Activity | Attack |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <sip> | Number |
| N/A | <sname> | String/Number/Text |
| N/A | <dip> | Number |
| N/A | <dname> | String/Number/Text |
| N/A | <sport> | String/Number/Text |
| N/A | <dport> | String/Number/Text |
| N/A | <smac> | String/Number/Text |
| N/A | <dmac> | String/Number/Text |
| N/A | <protname> | Text/String |
| N/A | <account> | Text/String |
| N/A | <domainimpacted> | Text/String |
| N/A | <subject> | Text/String |
| N/A | <threatname> | String/Number/Text |
| N/A | <threatid> <tag1> | String/Number/Text |
| N/A | <hash> | String/Number/Text |
| N/A | <url> | String/Number/Text |
| N/A | <quantity> | Number |