Skip to main content
Skip table of contents

V 2.0 Scan Threat Messages

Vendor Documentation

https://www.paloaltonetworks.com/documentation

Classification

Rule Name

Rule Type

Common Event

Classification

V 2.0 Scan Threat MessagesBase Rule

General Threat Message

Activity

V 2.0 Port Scan Detected

Sub RulePort ScanReconnaissance

Mapping with LogRhythm Schema  

Device Key in Log MessageLogRhythm SchemaData Type
N/A<vmid>Text/String
N/A<tag1>String/Number/Text
N/A<sip>Text/String/Number
N/A<dip>Text/String/Number
N/A<snatip>Text/String/Number
N/A<dnatip>Text/String/Number
N/A<policy>Text/String/Number
N/A<domainorigin>Text/String
N/A<login>Text/String
N/A<sinterface>Text/String
N/A<dinterface>Text/String/Number
N/A<session>Number
N/A<quantity>Text/String
N/A<sport>Text/String
N/A<dport>Text/String
N/A<snatport>Number
N/A<dnatport>Number
N/A<protname>Text/String
N/A<action>Text/String
N/A<tag2>Text/String
N/A<threatname>Text/String
N/A<threatid>Number
N/A<severity>Text/String
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close