Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : SEP Suspicious Activity : Allowed By User | Sub Rule | General Security | Other Security |
| V 2.0 : SEP Susp. Activity : All Actions Failed | Sub Rule | General Antivirus Error | Error |
| V 2.0 : SEP Suspicious Activity : Quarantined | Sub Rule | Quarantined Message | Failed Activity |
| V 2.0 : SEP Suspicious Activity : Access Denied | Sub Rule | Access Denied | Warning |
| V 2.0 : SEP Malware Found : Partially Repaired | Sub Rule | Detected Malware Activity | Malware |
| V 2.0 : SEP Malware Found : Details Pending | Sub Rule | Detected Malware Activity | Malware |
| V 2.0 : SEP Malware Found : No Action Taken | Sub Rule | Detected Malware Activity | Malware |
| V 2.0 : SEP Suspicious Activity | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : SEP Suspicious Activity : Details Pending | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : SEP Suspicious Activity : No Action Taken | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : SEP General Suspicious Activity Detected | Base Rule | Suspicious Activity | Suspicious |
| V 2.0 : SEP Malware Found : Quarantined | Sub Rule | Failed Malware Activity | Failed Malware |
| V 2.0 : SEP Threat Found : Deleted | Sub Rule | Threat Deleted | Failed Activity |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <dip> | Number |
| N/A | <dname> | String/Number/Text |
| N/A | <account> | Text/String |
| N/A | <domainorigin> | Text/String |
| N/A | <process> | Text/String |
| N/A | <object> | Text/String |
| N/A | <subject> | Text/String |
| N/A | <threatname> | String/Number/Text |
| N/A | <hash> | String/Number/Text |
| N/A | <url> | String/Number/Text |
| N/A | <action> | Text/String |
| N/A | <quantity> | Number |
| N/A | <size> | Number |
| N/A | <tag2> | Text/String |
| N/A | <tag1> | Text/String |