Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : SEP SONAR General Susp. Activity Detected | Base Rule | Suspicious Activity | Suspicious |
| V 2.0 : SEP SONAR Susp. Activity : Allowed By User | Sub Rule | General Security | Other Security |
| V 2.0 : SEP SONAR Susp. Actvty : All Actions Fail | Sub Rule | General Antivirus Error | Error |
| V 2.0 : SEP SONAR Suspicious Actvty : Quarantined | Sub Rule | Quarantined Message | Failed Activity |
| V 2.0 : SEP SONAR Susp. Activity : Access Denied | Sub Rule | Access Denied | Warning |
| V 2.0 : SEP SONAR Malware Found : Partially Repair | Sub Rule | Detected Malware Activity | Malware |
| V 2.0 : SEP SONAR Malware Found : Details Pending | Sub Rule | Detected Malware Activity | Malware |
| V 2.0 : SEP SONAR Malware Found : No Action Taken | Sub Rule | Detected Malware Activity | Malware |
| V 2.0 : SEP SONAR Suspicious Activity | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : SEP SONAR Susp. Activity : Details Pending | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : SEP SONAR Susp. Activity : No Action Taken | Sub Rule | Suspicious Activity | Suspicious |
| V 2.0 : SEP SONAR Malware Found : Quarantined | Sub Rule | Failed Malware Activity | Failed Malware |
| V 2.0 : SEP SONAR Threat Found : Deleted | Sub Rule | Threat Deleted | Failed Activity |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | Number |
| N/A | <dip> | Number |
| N/A | <dname> | String/Number/Text |
| N/A | <account> | Text/String |
| N/A | <domainorigin> | Text/String |
| N/A | <process> | Text/String |
| N/A | <object> | Text/String |
| N/A | <subject> | Text/String |
| N/A | <threatname> | String/Number/Text |
| N/A | <hash> | String/Number/Text |
| N/A | <url> | String/Number/Text |
| N/A | <action> | Text/String |
| N/A | <quantity> | Number |
| N/A | <size> | Number |
| N/A | <tag2> | Text/String |
| N/A | <tag1> | Text/String |