V 2.0 IP Tag Messages
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 IP Tag Messages | Base Rule | General Profile Detection | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Type (type) | <vmid> | Text/String | Specifies the type of log; value is IPTAG. |
| Threat/Content Type (subtype) | <vendorinfo> | Number | Subtype of the IPTAG log; unused. |
| Source IP (src) | <dip> | IP Address | The IP address of the source user. |
| Tag Name (tag_name) | <subject> | Text/String | The tag mapped to the source IP address. |
| Event ID (event_id) | <action> | Text/String | A string showing the name of the event. |
| Repeat Count (repeatcnt) | <quantity> | Number | The number of sessions with the same Source IP, Destination IP, Application, and Subtype seen within 5 seconds. |
| Data Source Name (datasourcename) | <object> | Text/String | The name of the source from which mapping information is collected. |
| Data Source Type (datasource_type) | <objecttype> | Text/String | The source from which mapping information is collected. |
| Device Name (device_name) | <objectname> | Text/String | The hostname of the firewall on which the session was logged |