V 2.0 Malicious File Blocked By Amp Event

Vendor Documentation

Classification

Rule Name                                   Rule Type   Classification   Common Event
V 2.0 Malicious File Blocked By Amp Event   Base Rule   Activity         General Threat Protection Event

Mapping with LogRhythm Schema

Device Key in Log Message   LogRhythm Schema   Data Type     Schema Description
url                         <url>              Text/String   url
src                         <sip>              IP Address    N/A
                            <sport>            Number
dst                         <dip>              IP Address    N/A
                            <dport>            Number
mac                         <dmac>             Text/String   mac_addr
name                        <subject>          Text/String   name
sha256                      <hash>             Text/String   sha256_hash
disposition                 <result>           Text/String   disposition
action                      <action>           Text/String   action
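The mapping above is a field-normalization step: device keys become LogRhythm schema fields, and the src/dst endpoints are split into an address (sip/dip) and a numeric port (sport/dport). The following is an added example, not LogRhythm's parsing rule or Cisco's code, showing that normalization in Python. The key=value wire format of the sample event, the "ip:port" endpoint notation, the sample values themselves and the validation rules (64-hex sha256, 12-hex MAC) are assumptions for illustration; only the device keys and the LogRhythm field names come from the mapping table.

```python
"""Normalize a Cisco AMP "Malicious File Blocked" event into LogRhythm schema
fields, following the mapping table on this page.

Added example, not LogRhythm's or Cisco's code. The key=value line format,
the "ip:port" endpoint notation and the sample event are constructed.
"""
import ipaddress
import re
from typing import Dict, Optional, Tuple

# Device key -> LogRhythm schema field, as listed in the mapping table.
KEY_MAP = {
    "url": "url",
    "mac": "dmac",
    "name": "subject",
    "sha256": "hash",
    "disposition": "result",
    "action": "action",
}
# src and dst each map to an address field plus a numeric port field.
ENDPOINT_MAP = {"src": ("sip", "sport"), "dst": ("dip", "dport")}

_KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')   # key=value or key="quoted value"
_SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def split_endpoint(value: str) -> Tuple[str, Optional[int]]:
    """Split "10.0.0.5:49152", "[2001:db8::1]:443" or a bare IP into (ip, port).

    The ip:port notation is an assumption of this example. Raises ValueError
    if the address part is not a valid IPv4/IPv6 address, so a malformed
    endpoint never lands in an IP Address field.
    """
    host, port = value, None
    if value.startswith("["):                      # bracketed IPv6 with port
        host, _, rest = value[1:].partition("]")
        if rest.startswith(":"):
            port = int(rest[1:])
    elif value.count(":") == 1:                    # IPv4 with port
        host, _, p = value.partition(":")
        port = int(p)
    ipaddress.ip_address(host)                     # validates; raises on garbage
    return host, port


def parse_amp_event(line: str) -> Dict[str, object]:
    """Return a dict keyed by LogRhythm schema field for one event line.

    Unmapped device keys are ignored; sha256 and mac are validated and
    normalized to lowercase so downstream hash/MAC comparisons are exact.
    """
    fields: Dict[str, object] = {}
    for m in _KV_RE.finditer(line):
        key = m.group(1)
        value = m.group(3) if m.group(3) is not None else m.group(2)
        if key in ENDPOINT_MAP:
            ip_field, port_field = ENDPOINT_MAP[key]
            ip, port = split_endpoint(value)
            fields[ip_field] = ip
            if port is not None:
                fields[port_field] = port          # Number, not Text/String
        elif key == "sha256":
            digest = value.lower()
            if not _SHA256_RE.match(digest):
                raise ValueError(f"bad sha256 value: {value!r}")
            fields[KEY_MAP[key]] = digest
        elif key == "mac":
            # Accept 00-50-56-AB-CD-EF, 0050.56AB.CDEF or 00:50:56:ab:cd:ef
            # and normalize to colon-separated lowercase.
            hexd = re.sub(r"[^0-9a-fA-F]", "", value).lower()
            if len(hexd) != 12:
                raise ValueError(f"bad mac value: {value!r}")
            fields[KEY_MAP[key]] = ":".join(hexd[i:i + 2] for i in range(0, 12, 2))
        elif key in KEY_MAP:
            fields[KEY_MAP[key]] = value
    return fields


# Constructed sample event; the values are illustrative, not real telemetry.
SAMPLE_EVENT = (
    'name="Malicious File Blocked" src=10.0.0.5:49152 dst=203.0.113.7:443 '
    'mac=00-50-56-AB-CD-EF url="http://203.0.113.7/update.exe" '
    'sha256=' + "a" * 64 + ' disposition=Malicious action="File Blocked"'
)

if __name__ == "__main__":
    for field, val in parse_amp_event(SAMPLE_EVENT).items():
        print(f"<{field}> = {val!r}")
```

The port fields are emitted as integers and the address fields are validated with the ipaddress module, matching the Number and IP Address data types in the table; a rule that copies "ip:port" verbatim into sip would silently break host-based correlation.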