V 2.0 : Smart Anti Spam Events
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Smart Anti Spam Events | Base Rule | General Threat Message | Security : Activity |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| virtuallogsource | N/A | N/A | N/A |
| Subproduct | N/A | N/A | Can be vpn/non vpn |
| Product | <vmid> | Text/String | Product name |
| origin_ip | N/A | N/A | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| Action | <action> | Text/String | N/A |
| SIP | <sip> | IP Address | Source IP |
| SPort | <sport> | Number | Source host port number |
| DIP | <dip> | IP Address | Destination IP |
| dport | <dport> | Number | Destination Port |
| protocol | <protnum> | Number | Protocol detected on the connection |
| ifname | <sinterface> | Text/String | The name of the Security Gateway interface, through which a connection traverses |
| ifdirection | N/A | N/A | Connection direction |
| Reason | <reason> | Text/String | Information on the error occurred |
| Rule | N/A | N/A | Matched rule number |
| Info | N/A | N/A | N/A |
| XlateSIP | <snatip> | IP Address | Source ipv4 after applying NAT |
| XlateSport | <snatport> | Number | ource port after applying hide NAT on source IP |
| XlateDIP | <dnatip> | IP Address | Destination ipv4 after applying NAT |
| XlateDPort | <dnatport> | Number | Destination port after applying NAT |
| User | N/A | N/A | Source user name |
| alert | N/A | N/A | N/A |
| icmp-code | N/A | N/A | N/A |
| icmp-type | N/A | N/A | N/A |
| matched_category | N/A | N/A | N/A |
| src_user_name | <login> | Text/String | User name connected to source IP |
| recipients | <recipient> | Text/String | Target mail recipient |
| sender_address | <sender> | Text/String | Source mail address |
| Url | <url> | Text/String | N/A |
| rule_name | N/A | N/A | N/A |
| Query_snid | N/A | N/A | N/A |
| src_machine_name | <sname> | Text/String | Machine name connected to source IP |
| time | N/A | N/A | The time stamp when the log was created. |
| rule_uid | N/A | N/A | Access policy rule ID which the connection was matched on |
| flags | N/A | N/A | Checkpoint internal field |
| loguid | N/A | N/A | UUID of unified logs |
| sequencenum | N/A | N/A | Number added to order logs with the same linux timestamp and origin |
| version | N/A | N/A | N/A |
| __policy_id_tag | <policy> | Text/String | Checkpoint internal field |
| origin_sic_name | N/A | N/A | Machine SIC |
| control-analysis | N/A | N/A | N/A |
| dst_country | N/A | N/A | N/A |
| email_control | N/A | N/A | N/A |
| email_session_id | N/A | N/A | N/A |
| email_spam_category | N/A | N/A | N/A |
| recipients_number | N/A | N/A | N/A |
| sender_ip | N/A | N/A | N/A |
| src_user_dn | N/A | N/A | N/A |