
V 2.0 : Mobile App Events

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Mobile App Events | Base Rule | General Information | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| virtuallogsource | N/A | N/A | N/A |
| subproduct | N/A | N/A | Can be VPN or non-VPN |
| Product | <vmid> | Text/String | Product name |
| Originip | N/A | N/A | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| Action | <action> | Text/String | N/A |
| SIP | <sip> | IP Address | Source IP |
| SPort | <sport> | Number | Source host port number |
| DIP | <dip> | IP Address | Destination IP |
| dport | <dport> | Number | Destination host port number |
| protocol | <protnum> | Number | Protocol detected on the connection |
| ifname | <sinterface> | Text/String | The name of the Security Gateway interface through which a connection traverses |
| ifdirection | N/A | N/A | N/A |
| Reason | N/A | N/A | Information on the error that occurred |
| Rule | N/A | N/A | Matched rule number |
| Info | N/A | N/A | Rule information on the blocked diameter CMD |
| XlateSIP | <snatip> | IP Address | Source IPv4 after applying NAT |
| XlateSport | <snatport> | Number | Source port after applying hide NAT on source IP |
| XlateDIP | <dnatip> | IP Address | Destination IPv4 after applying NAT |
| XlateDPort | <dnatport> | Number | Destination port after applying NAT |
| User | N/A | N/A | Source user name |
| alert | N/A | N/A | Alert level of matched rule (for connection logs) |
| icmp-code | N/A | N/A | N/A |
| icmp-type | N/A | N/A | N/A |
| matched_category | N/A | N/A | Name of matched category |
| rule_name | N/A | N/A | Access rule name |
| Url | N/A | N/A | Matched URL |
| time | N/A | N/A | The time stamp when the log was created |
| src_user_name | <login> | Text/String | User name connected to source IP |
| Severity | <severity> | Number | Threat severity determined by ThreatCloud. Possible values: 0 - Informational, 1 - Low, 2 - Medium, 3 - High, 4 - Critical |
| Protection_Type | N/A | N/A | Type of protection used to detect the attack |
| appi_name | N/A | N/A | Application name |
| client_name | N/A | N/A | Client Application or Software Blade that detected the event |
| status | <status> | Text/String | OK/Warning/Error |
| flags | N/A | N/A | Check Point internal field |
| loguid | N/A | N/A | UUID of unified logs |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
| version | N/A | N/A | N/A |
| app_package | N/A | N/A | Unique identifier of the application on the protected mobile device |
| app_repackaged | N/A | N/A | Indicates whether the original application was repackaged by someone other than the official developer |
| app_sig_id | N/A | N/A | The signature ID by which the application was detected |
| app_version | N/A | N/A | Version of the application downloaded on the protected mobile device |
| calc_geo_location | N/A | N/A | N/A |
| client_version | <version> | Number | Build version of SandBlast Agent client installed on the computer |
| dashboard_event_id | N/A | N/A | N/A |
| dashboard_orig | N/A | N/A | N/A |
| dashboard_time | N/A | N/A | N/A |
| default_device_message | N/A | N/A | N/A |
| developer_certificate_name | N/A | N/A | Name of the developer's certificate that was used to sign the mobile application |
| developer_certificate_sha | N/A | N/A | N/A |
| device_identification | N/A | N/A | N/A |
| email_address | N/A | N/A | N/A |
| facility | N/A | N/A | N/A |
| hardware_model | N/A | N/A | N/A |
| host_type | N/A | N/A | N/A |
| incident_time | N/A | N/A | N/A |
| jailbreak_message | N/A | N/A | N/A |
| mdm_id | N/A | N/A | N/A |
| os_name | N/A | N/A | Name of the OS installed on the source endpoint computer |
| os_version | N/A | N/A | Build version of the OS installed on the source endpoint computer |
| phone_number | N/A | N/A | N/A |
| sys_app | N/A | N/A | N/A |
| syslog_severity | N/A | N/A | N/A |