V 2.0 : Media Encryption & Port Protection Events
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Media Encryption & Port Protection Events | Base Rule | General Information | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| Product | <vmid> | Text/String | Product name |
| Originip | <sip> | IP Address | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| Action | <action> | Text/String | Description of detected malware activity |
| SIP | <sip> | IP Address | Source IP |
| SPort | <sport> | Number | Source host port number |
| DIP | <dip> | IP Address | Destination IP |
| dport | <dport> | Number | |
| protocol | <protnum> | Text/String/Number | Protocol detected on the connection |
| ifname | <sinterface> | Text/String | The name of the Security Gateway interface, through which a connection traverses |
| ifdirection | N/A | N/A | N/A |
| reason | <reason> | Text/String | Information on the error occurred |
| Rule | N/A | N/A | N/A |
| Info | N/A | N/A | N/A |
| XlateSIP | <snatip> | IP Address | N/A |
| XlateSport | <snatport> | Number | N/A |
| XlateDIP | <dnatip> | IP Address | N/A |
| XlateDPort | <dnatport> | Number | N/A |
| user | N/A | N/A | Source user name |
| alert | N/A | N/A | N/A |
| icmp-code | N/A | N/A | N/A |
| icmp-type | N/A | N/A | N/A |
| matched_category | N/A | N/A | N/A |
| rule_name | N/A | N/A | Access rule name |
| Url | N/A | N/A | N/A |
| time | N/A | N/A | The time stamp when the log was created. |
| src_machine_name | <sname> | Text/String | Machine name connected to source IP |
| src_user_name | <login> | Text/String | User name connected to source IP |
| severity | <severity> | Text/String/Number | Threat severity determined by ThreatCloud Possible values: 0 -Informational 1 - Low 2 -Medium 3 - High 4 - Critical |
| description | N/A | N/A | N/A |
| client_name | N/A | N/A | N/A |
| flags | N/A | N/A | N/A |
| loguid | N/A | N/A | UUID of unified logs |
| sequencenum | N/A | N/A | Number added to order logs with the same linux timestamp and origin |
| __policy_id_tag | <policy> | Text/String | N/A |
| version | N/A | N/A | N/A |
| client_version | <version> | Text/String/Number | Build version of SandBlast Agent client installed on the computer |
| connectivity_state | <status> | Text/String | N/A |
| event_type | N/A | N/A | N/A |
| host_type | N/A | N/A | N/A |
| installed_products | N/A | N/A | N/A |
| is_scanned | N/A | N/A | N/A |
| local_time | N/A | N/A | N/A |
| machine_guid | N/A | N/A | N/A |
| media_authorized | N/A | N/A | N/A |
| media_class_id | <object> | Text/String | N/A |
| media_description | <subject> | Text/String | N/A |
| media_encrypted | N/A | N/A | N/A |
| media_manufacturer | N/A | N/A | N/A |
| media_type | <objecttype> | Text/String | N/A |
| os_name | N/A | N/A | Name of the OS installed on the source endpoint computer |
| os_version | N/A | N/A | Build version of the OS installed on the source endpoint computer |
| product_family | N/A | N/A | N/A |
| reading_data_access | N/A | N/A | N/A |
| user_name | N/A | N/A | N/A |
| user_sid | N/A | N/A | N/A |
| writing_data_access | N/A | N/A | N/A |
| log_link | N/A | N/A | N/A |