V 2.0 : IP Logs
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : IP Logs | Base Rule | General Network Traffic | Network Traffic |

Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Timestamp | N/A | N/A | When this request was made in UTC. This is different than the Umbrella dashboard, which converts the time to your specified time zone. |
| Identities | <object> | Text/String | All identities associated with this request. |
| Source IP | <sip> | IP Address | The IP of the computer making the request. |
| Source Port | <sport> | Number | The port the request was made on. |
| Destination IP | <dip> | IP Address | The destination IP requested. |
| Destination Port | <dport> | Number | The destination port the request was made on. |
| Categories | <subject> | Text/String | The security or content categories that the destination matches. For category definitions, see Understanding Security Categories and Understanding Content Categories. |
| Identity Types | <objecttype> | Text/String | The type of identity that made the request. For example, Roaming Computer, Network, and so on. Available in version 3 and above. |