Skip to main content
Skip table of contents

V 2.0 Scan Threat Messages 1

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

Log FieldLogRhythm DefaultLogRhythm Default v2.0
N/A<vmid><vmid>
N/A<tag1><tag1>
N/AN/A<threatname>
N/AN/A<threatid>
N/A<sip><sip>
N/A<dip><dip>
N/A<snatip><snatip>
N/A<dnatip><dnatip>
N/A<policy><policy>
N/A<domainorigin>

<domainorigin>

N/A<login><login>
N/A<account>N/A
N/A<process>N/A
N/A<group>N/A
N/A<sinterface><sinterface>
N/A<dinterface><dinterface>
N/A<session>N/A
N/A<quantity>N/A
N/A<sport>N/A
N/A<dport>N/A
N/A<snatport>N/A
N/A<dnatport>N/A
N/A<protname><protname>
N/A<action><action>
N/A<objectname>N/A
N/A<domainimpacted>N/A
N/A<objecttype>N/A
N/A<processid>N/A
N/A<tag2><tag2>
N/A<severity><severity>
N/A<hash>N/A
N/A<sender>N/A
N/A<subject>N/A
N/A<object>N/A
N/A<tag4>N/A
N/A<recipient>N/A
N/A<command>N/A
N/A <url>N/A
N/AN/A<session>
N/AN/A<quantity>
N/AN/A<sport>
N/AN/A<dport>
N/AN/A<snatport>
N/AN/A<dnatport>

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

Regex ID

Rule Name

Rule Type

Common Events

Classifications

1000722

































































































































THREAT MessagesBase RuleGeneral Attack ActivityAttack
Potentially Threatening URL AllowedSub RuleWeb Activity AllowedActivity
URL AllowedSub RuleTraffic Allowed by Network FirewallNetwork Allow
URL Denied - Flood DetectedSub RuleGeneral Attack ActivityAttack
URL Threat Detected - Session DroppedSub RuleGeneral Attack ActivityAttack
URL Threat Detected - Packets DroppedSub RuleGeneral Attack ActivityAttack
URL Threat Detected - Dropped - Reset SentSub RuleGeneral Attack ActivityAttack
URL BlockedSub RuleTraffic Denied by Network FirewallNetwork Deny
Potential Virus Content AllowedSub RuleDetected Virus ActivityMalware
Virus Content AllowedSub RuleDetected Virus ActivityMalware
Virus Traffic DeniedSub RuleFailed Virus ActivityFailed Malware
Virus Traffic Dropped - Session DroppedSub RuleFailed Virus ActivityFailed Malware
Virus Detected - Packets DroppedSub RuleFailed Virus ActivityFailed Malware
Virus Detected - Dropped - Reset SentSub RuleFailed Virus ActivityFailed Malware
Malicious URL BlockedSub RuleFailed Malware ActivityFailed Malware
Potential Spyware Content AllowedSub RuleDetected Spyware ActivityMalware
Spyware Content AllowedSub RuleDetected Spyware ActivityMalware
Spyware Traffic DeniedSub RuleFailed Spyware ActivityFailed Malware
Spyware Traffic Dropped - Session DroppedSub RuleFailed Spyware ActivityFailed Malware
Spyware Detected - Packets DroppedSub RuleFailed Spyware ActivityFailed Malware
Spyware Detected - Dropped - Reset SentSub RuleFailed Spyware ActivityFailed Malware
Spyware BlockedSub RuleFailed Spyware ActivityFailed Malware
Potential Vulnerability Exploit AllowedSub RuleVuln High Severity : GeneralVulnerability
Vulnerability Exploit AllowedSub RulePotential Vulnerability Exploit AllowedActivity
Vulnerability Exploit DeniedSub RuleFailed General Attack ActivityFailed Attack
Vulnerability Exploit Traffic Drop - Session DropSub RuleFailed General Attack ActivityFailed Attack
Vulnerability Exploit Traffic Drop - Packet DropSub RuleFailed General Attack ActivityFailed Attack
Vulnerability Exploit Traffic Dropped - Reset SentSub RuleFailed General Attack ActivityFailed Attack
Vulnerability Exploit DroppedSub RuleFailed General Attack ActivityFailed Attack
Potentially Threatening File Observed - AllowedSub RulePotentially Threatening File ObservedActivity
Threatening File AllowedSub RuleUnauthorized Program/ProcessMisuse
Threatening File Type DeniedSub RuleFailed Malware ActivityFailed Malware
Threatening File Dropped - Session DroppedSub RuleFailed Malware ActivityFailed Malware
Threatening File Dropped - Packets DroppedSub RuleFailed Malware ActivityFailed Malware
Threatening File Dropped - Reset SentSub RuleFailed Malware ActivityFailed Malware
Threatening File BlockedSub RuleFailed Malware ActivityFailed Malware
Scan DetectedSub RulePort ScanReconnaissance
DoS DetectedSub RuleHost Denial Of ServiceDenial Of Service
Data Pattern FilteredSub RuleData Pattern FilteredFailed Activity
Threat Allow - Dead-SitesSub RuleUnauthorized WebsiteMisuse
Threat Allow - DatingSub RuleSocial Media ActivityMisuse
Threat Allow - Cult-And-OccultSub RuleUnauthorized ActivityMisuse
Threat Allow - Computer-And-Internet-SecuritySub RuleUnauthorized WebsiteMisuse
Threat Allow - Computer-And-Internet-InfoSub RuleUnauthorized WebsiteMisuse
Threat Allow - Business-And-EconomySub RuleUnauthorized WebsiteMisuse
Threat Allow - AuctionsSub RuleUnauthorized ActivityMisuse
Threat Allow - AnySub RuleUnauthorized WebsiteMisuse
Threat Alert - Web-HostingSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Web-Based-EmailSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - UnknownSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - TravelSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Training-And-ToolsSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Swimsuits-And-Intimate-ApparelSub RuleFailed Adult ContentFailed Misuse
Threat Alert - Streaming-MediaSub RuleFailed Streaming MediaFailed Misuse
Threat Alert - Spyware-And-AdwareSub RuleFailed Spyware ActivityFailed Malware
Threat Alert - SportsSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Spam-URLsSub RuleFailed Unauthorized E-mailFailed Misuse
Threat Alert - SocietySub RuleFailed Social Media ActivityFailed Misuse
Threat Alert - ShoppingSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Shareware-And-FreewareSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Search-EnginesSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - ReligionSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Reference-And-ResearchSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Real-EstateSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Private-IP-AddressesSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Philosophy-And-Political-AdvocacySub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Personal-Sites-And-BlogsSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Pay-To-SurfSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Parked-DomainsSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Online-Personal-StorageSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - News-And-MediaSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Motor-VehiclesSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Malware-SitesSub RulePossible Malware ActivityMalware
Threat Alert - Job-SearchSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Internet-PortalsSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Internet-CommunicationsSub RuleFailed IM/Chat ActivityFailed Misuse
Threat Alert - Individual-Stock-Advice-And-ToolsSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Image-And-Video-SearchSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Hunting-And-FishingSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Health-And-MedicineSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - GovernmentSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - GamesSub RuleFailed Game ActivityFailed Misuse
Threat Alert - Financial-ServicesSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Entertainment-And-ArtsSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Educational-InstitutionsSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Dead-SitesSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - DatingSub RuleFailed Social Media ActivityFailed Misuse
Threat Alert - Cult-And-OccultSub RuleFailed Adult ContentFailed Misuse
Threat Alert - Computer-And-Internet-SecuritySub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Computer-And-Internet-InfoSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Business-And-EconomySub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - AuctionsSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - AnySub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Content-Delivery-NetworksSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Home And GardenSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - LegalSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Local InformationSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Online MusicSub RuleFailed Streaming MediaFailed Misuse
Threat Alert - Social NetworkingSub RuleFailed Social Media ActivityFailed Misuse
Threat Alert - TranslationSub RuleFailed Unauthorized ActivityFailed Misuse
Threat Alert - Web AdvertisementsSub RuleFailed Unauthorized ActivityFailed Misuse
URL Block-ContinueSub RuleTraffic Allowed by Network FirewallNetwork Allow
Threatening File ForwardedSub RuleFile InterceptedActivity
URL Allowed : ContinueSub RuleTraffic Allowed by Network FirewallNetwork Allow
Vulnerability Exploit Traffic Dropped - Reset BothSub RuleFailed General Attack ActivityFailed Attack
Wildfire Upload - SkipSub RuleMessage SubmissionInformation
Wildfire Upload - SuccessSub RuleMessage SubmissionInformation
Brute Force Attack : FTP LoginSub RuleVuln High Severity : Brute Force AttackVulnerability
Wildfire-Virus Detected - Reset BothSub RuleFailed Virus ActivityFailed Malware
Wildfire - Potential Virus Content AllowedSub RuleDetected Virus ActivityMalware
Wildfire-Virus Content AllowedSub RuleDetected Virus ActivityMalware
Wildfire-Virus Traffic DeniedSub RuleFailed Virus ActivityFailed Malware
Wildfire-Virus Traffic Dropped - Session DroppedSub RuleFailed Virus ActivityFailed Malware
Wildfire-Virus Detected - Packets DroppedSub RuleFailed Virus ActivityFailed Malware
Wildfire-Virus Detected - Dropped - Reset SentSub RuleFailed Virus ActivityFailed Malware
Wildfire-Malicious URL BlockedSub RuleFailed Malware ActivityFailed Malware
Virus Detected - Dropped - Reset BothSub RuleFailed Virus ActivityFailed Malware
Spyware Detected - Dropped - Reset BothSub RuleFailed Spyware ActivityFailed Malware
Vuln Exploit Traffic Dropped - Reset ServerSub RuleFailed General Attack ActivityFailed Attack
Vulnerability Exploit Detected : Low SeveritySub RuleVuln Low Severity : GeneralVulnerability
File DetectedSub RuleSuspicious File DownloadActivity
Vulnerability Exploit Detected : High SeveritySub RuleVuln High Severity : GeneralVulnerability
Wildfire : Benign DeterminationSub RuleVirus Scan Completed - No Viruses FoundInformation
Wildfire : Grayware DeterminationSub RulePotentially Threatening File ObservedActivity
Wildfire : Malware DeterminationSub RuleDetected Virus ActivityMalware
Potential Vulnerability Exploit Allowed : LowSub RuleVuln Low Severity : GeneralVulnerability
Potential Vulnerability Exploit Allowed : InfoSub RuleVuln Low Severity : Information GatheringVulnerability
Vulnerability Exploit Detected : Medium SeveritySub RuleVuln Medium Severity : GeneralVulnerability
Failed Attack : Packet DroppedSub RuleFailed General Attack ActivityFailed Attack
Spyware Detected - Dropped - Reset ServerSub RuleFailed Spyware ActivityFailed Malware
Spyware Sinkhole Activity MessagesSub RuleSuspicious Network ActivitySuspicious

LogRhythm Default v2.0 

Regex IDRule NameRule TypeCommon EventsClassifications
1010881V 2.0 Scan Threat MessagesBase RuleGeneral Threat MessageActivity
V 2.0 Port Scan DetectedSub RulePort ScanReconnaissance
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close