V 2.0 : System Monitor Events
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : System Monitor Events | Base Rule | Health Monitor Message | Information |
| V 2.0 : System Monitor : Problem Detected | Sub Rule | Health Warning | Warning |
| V 2.0 : System Monitor : Problem Resolved | Sub Rule | Device In Good Health | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| virtuallogsource | N/A | N/A | N/A |
| subproduct | N/A | N/A | Can be VPN or non-VPN |
| Product | <vmid> | Text/String | Product name |
| Originip | <dip> | IP Address | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| Action | N/A | N/A | N/A |
| SIP | N/A | N/A | Source IP |
| SPort | N/A | N/A | Source host port number |
| DIP | N/A | N/A | Destination IP |
| dport | N/A | N/A | Destination host port number |
| protocol | N/A | N/A | Protocol detected on the connection |
| ifname | N/A | N/A | The name of the Security Gateway interface through which a connection traverses |
| ifdirection | N/A | N/A | Connection direction |
| Reason | N/A | N/A | Information on the error occurred |
| Rule | N/A | N/A | Matched rule number |
| Info | N/A | N/A | Rule information on the blocked diameter CMD |
| XlateSIP | N/A | N/A | Source ipv4 after applying NAT |
| XlateSport | N/A | N/A | Source port after applying hide NAT on source IP |
| XlateDIP | N/A | N/A | Destination ipv4 after applying NAT |
| XlateDPort | N/A | N/A | Destination port after applying NAT |
| User | N/A | N/A | Source user name |
| alert | N/A | N/A | Alert level of matched rule (for connection logs) |
| icmp-code | N/A | N/A | N/A |
| icmp-type | N/A | N/A | N/A |
| matched_category | N/A | N/A | Name of matched category |
| rule_name | N/A | N/A | Access rule name |
| Url | N/A | N/A | Matched URL |
| time | N/A | N/A | The time stamp when the log was created |
| Severity | <severity> | Number | Threat severity determined by ThreatCloud Possible values: 0 - Informational 1 - Low 2 - Medium 3 - High 4 - Critical |
| flags | N/A | N/A | Checkpoint internal field |
| loguid | N/A | N/A | UUID of unified logs |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
| version | N/A | N/A | N/A |
| log_id | N/A | N/A | Unique identity for logs includes: Type, Family, Product/Blade, or Category |
| sensor_alert_blade | N/A | N/A | N/A |
| sensor_alert_category | N/A | N/A | N/A |
| sensor_alert_duration | N/A | N/A | N/A |
| sensor_alert_id | N/A | N/A | N/A |
| sensor_alert_message | <vendorinfo> | Text/String | N/A |
| sensor_alert_module | <object> | Text/String | N/A |
| sensor_alert_solution | N/A | N/A | N/A |
| sensor_alert_solution_sk | N/A | N/A | N/A |
| sensor_alert_source | <dname> | Text/String | N/A |
| sensor_alert_title | <subject> | Text/String | N/A |
| sensor_alert_type | <tag1> | Text/String | N/A |
| sensor_test_name | <policy> | Text/String | N/A |