V 2.0 : IPS Logs

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : IPS Logs | Base Rule | General IPS Message | Information |
| V 2.0 : IPS Logs Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : IPS Logs Warn | Sub Rule | General Network Traffic | Network Traffic |
| V 2.0 : IPS Logs Would Block | Sub Rule | Traffic Denied by Network Firewall | Network Deny |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Timestamp | N/A | N/A | When this request was made in UTC. |
| Identities | <object> | Text/String | All tunnel identities associated with this request. |
| Identity Types | <objecttype> | Text/String | The type of identity associated with this request. |
| Generator ID | N/A | N/A | Unique ID assigned to the part of the IPS which generated the event. |
| Signature ID | N/A | N/A | Used to uniquely identify signatures. |
| Signature Message | <subject> | Text/String | A brief description of the signature. |
| Signature List ID | N/A | N/A | Unique ID assigned to a Default or Custom Signature List. |
| Severity | <severity> | Text/String | The severity level of the rule, such as High, Medium, Low, and Very Low. |
| Attack Classification | N/A | N/A | The category of attack detected by a rule that is part of a more general type of attack class, such as trojan-activity, attempted-user, and unknown. |
| CVEs | <cve> | Text/String | A list of information about security vulnerabilities and exposures. |
| IP Protocol | <protname> | Text/String | The actual protocol of the traffic, such as TCP, UDP, ICMP. |
| Session ID | <session> | Number | The unique identifier of a session, which is used to group the correlated events between various services. |
| Source IP | <sip> | IP Address | The IP of the computer making the request. |
| Source Port | <sport> | Number | The port the request was made on. |
| Destination IP | <dip> | IP Address | The destination IP requested. |
| Destination Port | <dport> | Number | The destination port the request was made on. |
| Action | <action>, <tag1> | Text/String | The action performed when the criteria of a rule are met, such as block, warn, and would_block. |