Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : IP Logs | Base Rule | General Network Traffic | Network Traffic |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Timestamp | N/A | N/A | When this request was made in UTC. This is different than the Umbrella dashboard, which converts the time to your specified time zone. |
| Identities | <object> | Text/String | All identities associated with this request. |
| Source IP | <sip> | IP Address | The IP of the computer making the request. |
| Source Port | <sport> | Number | The port the request was made on. |
| Destination IP | <dip> | IP Address | The destination IP requested. |
| Destination Port | <dport> | Number | The destination port the request was made on. |
| Categories | <subject> | Text/String | The security or content categories that the destination matches. For category definitions, see Understanding Security Categories and Understanding Content Categories. |
| Identity Types | <objecttype> | Text/String | The type of identity that made the request. For example, Roaming Computer, Network, and so on. Available in version 3 and above. |