V 2.0 : Traffic : Forward : VMID13
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
V 2.0: 13_Forward Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0: 13_Forward Traffic Client-rst | Sub Rule | Connection Reset | Network Traffic |
V 2.0: 13_Forward Traffic Servert-rst | Sub Rule | Connection Reset | Network Traffic |
V 2.0: 13_Local Traffic Session Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0: 13_Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
V 2.0: 13_Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0: 13_Traffic Reset | Sub Rule | Connection Reset | Network Traffic |
V 2.0: 13_Traffic Session Denied | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
V 2.0: 13_Traffic Session Started | Sub Rule | Network Session Created | Network Traffic |
V 2.0: 13_Traffic Session Timeout | Sub Rule | Session Timeout | Warning |
V 2.0: Traffic: Forward: VMID13 | Base Rule | Traffic Allowed by Network Firewall | Network Allow |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
date | N/A | N/A | The date of the event. |
time | N/A | N/A | The time of the event. |
logid | <vmid> | Number | The log ID. |
type | <vendorinfo> | Text/String | The type of event. |
subtype | N/A | N/A | The subtype of the event. |
level | <severity> | Text/String | The level of the event. |
vd | <sessiontype> | Text/String | The virtual domain. |
eventtime | N/A | N/A | The event time in epoch format. |
srcip | <sip> | IP Address | The source IP address. |
srcport | <sport> | Number | The source port. |
srcintf | <sinterface> | Text/String | The source interface. |
srcintfrole | N/A | N/A | The role of the source interface. |
dstip | <dip> | IP Address | The destination IP address. |
dstport | <dport> | Number | The destination port. |
dstintf | <dinterface> | Text/String | The destination interface. |
dstintfrole | N/A | N/A | The role of the destination interface. |
srcuuid | N/A | N/A | The source UUID. |
dstuuid | N/A | N/A | The destination UUID. |
poluuid | N/A | N/A | The policy UUID. |
sessionid | <session> | Number | The session ID. |
proto | <protnum> | Number | The protocol. |
action | <action> | Text/String | The action taken by the firewall. |
policyid | <policy> | Number | The policy ID. |
policytype | N/A | N/A | The type of policy. |
service | <protname> | Text/String | The service. |
dstcountry | N/A | N/A | The destination country. |
srccountry | N/A | N/A | The source country. |
trandisp | N/A | N/A | The traffic disposition. |
transip | <snatip> | IP Address | The translated IP address. |
transport | <snatport> | Number | The translated port. |
appid | <object> | Number | The application ID. |
app | <objectname> | Text/String | The application. |
appcat | <objecttype> | Text/String | The application category. |
apprisk | <threatname> | Text/String | The application risk. |
applist | N/A | N/A | The application list. |
duration | <seconds> | Number | The duration of the event. |
sentbyte | <bytesout> | Number | The number of sent bytes. |
rcvdbyte | <bytesin> | Number | The number of received bytes. |
sentpkt | <packetsout> | Number | The number of sent packets. |
rcvdpkt | <packetsin> | Number | The number of received packets. |
utmaction | <status> | Text/String | The UTM action. |
countapp | <quantity> | Number | The number of applications. |
osname | N/A | N/A | The operating system name. |
mastersrcmac | N/A | N/A | The master source MAC address. |
srcmac | <smac> | Text/String | The source MAC address. |
dstmac | <dmac> | Text/String | The destination MAC address. |
user | <login> <domainorigin> | Text/String | The user name. |
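The two tables above describe a parse-and-map step: take a forward traffic log, carry each device key into its LogRhythm schema field with the listed data type, drop the keys marked N/A, and classify the event from the action. The following Python is an added illustration of that step, not code from LogRhythm or the device vendor. It assumes the device emits the space-separated `key=value` / `key="quoted value"` syslog format that FortiGate-style traffic logs use (the page names the keys but not the format), assumes a set of device action values (`accept`, `deny`, `client-rst`, `server-rst`, `start`, `timeout`) that the page does not list, and assumes a `DOMAIN\user` convention for splitting `user` into `<domainorigin>` and `<login>`. The sample log line is constructed for the example.

```python
import ipaddress
import re
from typing import Any, Dict

# Device key -> (LogRhythm schema field, data type), taken from the mapping table.
# Keys the table marks N/A are deliberately absent, so the parser drops them.
KEY_TO_SCHEMA = {
    "logid": ("vmid", "Number"), "type": ("vendorinfo", "Text/String"),
    "level": ("severity", "Text/String"), "vd": ("sessiontype", "Text/String"),
    "srcip": ("sip", "IP Address"), "srcport": ("sport", "Number"),
    "srcintf": ("sinterface", "Text/String"), "dstip": ("dip", "IP Address"),
    "dstport": ("dport", "Number"), "dstintf": ("dinterface", "Text/String"),
    "sessionid": ("session", "Number"), "proto": ("protnum", "Number"),
    "action": ("action", "Text/String"), "policyid": ("policy", "Number"),
    "service": ("protname", "Text/String"), "transip": ("snatip", "IP Address"),
    "transport": ("snatport", "Number"), "appid": ("object", "Number"),
    "app": ("objectname", "Text/String"), "appcat": ("objecttype", "Text/String"),
    "apprisk": ("threatname", "Text/String"), "duration": ("seconds", "Number"),
    "sentbyte": ("bytesout", "Number"), "rcvdbyte": ("bytesin", "Number"),
    "sentpkt": ("packetsout", "Number"), "rcvdpkt": ("packetsin", "Number"),
    "utmaction": ("status", "Text/String"), "countapp": ("quantity", "Number"),
    "srcmac": ("smac", "Text/String"), "dstmac": ("dmac", "Text/String"),
}

# Assumed device action values (not listed on the page) -> Common Event from the
# Classification table. Anything else is reported as unclassified rather than
# silently treated as allowed traffic.
ACTION_TO_EVENT = {
    "accept": "Traffic Allowed by Network Firewall",
    "deny": "Traffic Denied by Network Firewall",
    "client-rst": "Connection Reset",
    "server-rst": "Connection Reset",
    "start": "Network Session Created",
    "timeout": "Session Timeout",
}

# key=value or key="quoted value" tokens; quoted values may contain spaces and \" escapes
TOKEN_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_kv(line: str) -> Dict[str, str]:
    """Split one key=value log line into a dict of raw string values."""
    fields: Dict[str, str] = {}
    for key, value in TOKEN_RE.findall(line):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def coerce(value: str, data_type: str) -> Any:
    """Apply the table's data type: integers for Number, validated text for IP Address."""
    if data_type == "Number":
        return int(value)
    if data_type == "IP Address":
        return str(ipaddress.ip_address(value))  # raises ValueError on malformed input
    return value


def map_to_schema(line: str) -> Dict[str, Any]:
    """Map device keys to schema fields; values that fail type coercion are kept under parse_errors."""
    mapped: Dict[str, Any] = {}
    errors: Dict[str, str] = {}
    for key, raw in parse_kv(line).items():
        if key == "user":
            # The table maps user to both <login> and <domainorigin>; splitting on
            # DOMAIN\user is an assumption, not something the page specifies.
            domain, sep, login = raw.rpartition("\\")
            mapped["login"] = login
            if sep:
                mapped["domainorigin"] = domain
            continue
        if key not in KEY_TO_SCHEMA:
            continue  # N/A in the table: not carried into the schema
        schema, dtype = KEY_TO_SCHEMA[key]
        try:
            mapped[schema] = coerce(raw, dtype)
        except ValueError:
            errors[schema] = raw
    if errors:
        mapped["parse_errors"] = errors
    return mapped


def classify(mapped: Dict[str, Any]) -> str:
    """Pick the Common Event for the mapped action, as the sub rules in the table do."""
    return ACTION_TO_EVENT.get(str(mapped.get("action", "")).lower(), "Unclassified")


# Constructed sample line in the assumed format (not a real log).
SAMPLE_LINE = (
    r'date=2024-01-15 time=10:22:31 logid="0000000013" type="traffic" subtype="forward" '
    r'level="notice" vd="root" eventtime=1705314151 srcip=10.0.0.5 srcport=51234 '
    r'srcintf="port1" srcintfrole="lan" dstip=203.0.113.10 dstport=443 dstintf="port2" '
    r'dstintfrole="wan" sessionid=123456 proto=6 action="accept" policyid=7 '
    r'service="HTTPS" trandisp="snat" transip=198.51.100.2 transport=51234 duration=12 '
    r'sentbyte=1520 rcvdbyte=8800 sentpkt=14 rcvdpkt=12 app="Google Services" user="CORP\jdoe"'
)

if __name__ == "__main__":
    event = map_to_schema(SAMPLE_LINE)
    print(classify(event), event)
```

Running the block prints the Common Event followed by the mapped fields; note that `logid="0000000013"` arrives as `vmid` 13, the rule's VMID, and that `subtype`, `srcintfrole` and `trandisp` are absent because the table maps them to N/A.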