V 2.0 : MTA Events
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : MTA Events | Base Rule | General Information | Information |
| V 2.0 : Email Delivered | Sub Rule | Email Delivered | Information |
| V 2.0 : Scan Completed | Sub Rule | Scan Completed | Other Audit Success |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| virtuallogsource | N/A | N/A | N/A |
| subproduct | N/A | N/A | N/A |
| Product | <vmid> | Text/String | Product name |
| Originip | N/A | N/A | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| Action | <action> | Text/String | Description of detected malware activity |
| SIP | <sip> | IP Address | Source IP |
| SPort | <sport> | Number | Source host port number |
| DIP | <dip> | IP Address | Destination IP |
| dport | <dport> | Number | Destination host port number |
| protocol | <protnum> | Number | Protocol detected on the connection |
| ifname | <sinterface> | Text/String | The name of the Security Gateway interface through which a connection traverses |
| ifdirection | N/A | N/A | Connection direction |
| reason | <reason> | Text/String | Information on the error occurred |
| Rule | N/A | N/A | N/A |
| Info | N/A | N/A | N/A |
| XlateSIP | <snatip> | IP Address | Source ipv4 after applying NAT |
| XlateSport | <snatport> | Number | Source port after applying hide NAT on source IP |
| XlateDIP | <dnatip> | IP Address | Destination ipv4 after applying NAT |
| XlateDPort | <dnatport> | Number | Destination port after applying NAT |
| user | <login> | Text/String | Source user name |
| alert | N/A | N/A | Alert level of matched rule (for connection logs) |
| icmp-code | N/A | N/A | N/A |
| icmp-type | N/A | N/A | N/A |
| matched_category | N/A | N/A | Name of matched category |
| rule_name | N/A | N/A | Access rule name |
| Url | <url> | Text/String | Matched URL |
| time | N/A | N/A | The time stamp when the log was created |
| to | <recipient> | Text/String | Email recipient |
| from | <sender> | Text/String | Email sender |
| Email_Subject | <subject> | Text/String | Subject of the email |
| file_size | <size> | Number | Size of the file |
| flags | N/A | N/A | N/A |
| logid | N/A | N/A | N/A |
| loguid | N/A | N/A | N/A |
| originsicname | N/A | N/A | N/A |
| sequencenum | N/A | N/A | N/A |
| version | N/A | N/A | N/A |
| arrival_time | N/A | N/A | N/A |
| attachments_num | N/A | N/A | N/A |
| delivery_time | N/A | N/A | N/A |
| email_content | N/A | N/A | N/A |
| email_headers | N/A | N/A | N/A |
| email_message_id | N/A | N/A | N/A |
| email_queue_id | N/A | N/A | N/A |
| email_queue_name | N/A | N/A | N/A |
| email_status | <status> <tag1> | Text/String | N/A |
| lastupdatetime | N/A | N/A | N/A |
| links_num | N/A | N/A | N/A |
| original_queue_id | N/A | N/A | N/A |
| scan_ended | N/A | N/A | N/A |
| scan_started | N/A | N/A | N/A |
| status_update | N/A | N/A | N/A |
| log_link | N/A | N/A | N/A |