
V 2.0 URL Threat Messages

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| Type (type) | <vmid> | <vmid> |
| Threat/Content Type (subtype) | <vendorinfo> <tag1> | <vendorinfo> |
| Source address (src) | <sip> | <sip> |
| Destination address (dst) | <dip> | <dip> |
| NAT Source IP (natsrc) | <snatip> | <snatip> |
| NAT Destination IP (natdst) | <dnatip> | <dnatip> |
| Rule Name (rule) | <policy> | <policy> |
| Source User (srcuser) | <domainorigin> <login> | <domainorigin> <login> |
| Destination User (dstuser) | <account> | <domainimpacted> <account> |
| N/A | <process> | N/A |
| N/A | <group> | N/A |
| Inbound Interface (inbound_if) | <sinterface> | <sinterface> |
| Outbound Interface (outbound_if) | <dinterface> | <dinterface> |
| Session ID (sessionid) | <session> | <session> |
| Repeat Count (repeatcnt) | <quantity> | <quantity> |
| Source Port (sport) | <sport> | <sport> |
| Destination Port (dport) | <dport> | <dport> |
| NAT Source Port (natsport) | <snatport> | <snatport> |
| NAT Destination Port (natdport) | <dnatport> | <dnatport> |
| Flags (flags) | N/A | <sessiontype> |
| IP Protocol (proto) | <protname> | <protname> |
| Action (action) | <action> <tag4> <command> | <action> <tag1> |
| URL/Filename (misc) | N/A | <url> |
| Threat/Content Name (threatid) | <object> <objecttype> | N/A |
| N/A | <objectname> <url> <domainimpacted> <domainorigin> | N/A |
| N/A | <action> | N/A |
| Threat/Content Name (threatid) | <processid> | N/A |
| Category (category) | <tag2> <process> | <subject> |
| Severity (severity) | <severity> | <severity> |
| N/A | <hash> | N/A |
| User Agent (user_agent) | N/A | <useragent> |
| Sender (sender) | <sender> | N/A |
| Subject (subject) | <subject> | N/A |
| Recipient (recipient) | <recipient> | N/A |
| Device Name (device_name) | N/A | <objectname> |
| Application Characteristic (characteristic_of_app)** | N/A | <group> |

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

| Regex ID | Rule Name | Rule Type | Common Events | Classifications |
|---|---|---|---|---|
| 1000722 | THREAT Messages | Base Rule | General Attack Activity | Attack |
| 1000722 | Potentially Threatening URL Allowed | Sub Rule | Web Activity Allowed | Activity |
| 1000722 | URL Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| 1000722 | URL Denied - Flood Detected | Sub Rule | General Attack Activity | Attack |
| 1000722 | URL Threat Detected - Session Dropped | Sub Rule | General Attack Activity | Attack |
| 1000722 | URL Threat Detected - Packets Dropped | Sub Rule | General Attack Activity | Attack |
| 1000722 | URL Threat Detected - Dropped - Reset Sent | Sub Rule | General Attack Activity | Attack |
| 1000722 | URL Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| 1000722 | Potential Virus Content Allowed | Sub Rule | Detected Virus Activity | Malware |
| 1000722 | Virus Content Allowed | Sub Rule | Detected Virus Activity | Malware |
| 1000722 | Virus Traffic Denied | Sub Rule | Failed Virus Activity | Failed Malware |
| 1000722 | Virus Traffic Dropped - Session Dropped | Sub Rule | Failed Virus Activity | Failed Malware |
| 1000722 | Virus Detected - Packets Dropped | Sub Rule | Failed Virus Activity | Failed Malware |
| 1000722 | Virus Detected - Dropped - Reset Sent | Sub Rule | Failed Virus Activity | Failed Malware |
| 1000722 | Malicious URL Blocked | Sub Rule | Failed Malware Activity | Failed Malware |
| 1000722 | Potential Spyware Content Allowed | Sub Rule | Detected Spyware Activity | Malware |
| 1000722 | Spyware Content Allowed | Sub Rule | Detected Spyware Activity | Malware |
| 1000722 | Spyware Traffic Denied | Sub Rule | Failed Spyware Activity | Failed Malware |
| 1000722 | Spyware Traffic Dropped - Session Dropped | Sub Rule | Failed Spyware Activity | Failed Malware |
| 1000722 | Spyware Detected - Packets Dropped | Sub Rule | Failed Spyware Activity | Failed Malware |
| 1000722 | Spyware Detected - Dropped - Reset Sent | Sub Rule | Failed Spyware Activity | Failed Malware |
| 1000722 | Spyware Blocked | Sub Rule | Failed Spyware Activity | Failed Malware |
| 1000722 | Potential Vulnerability Exploit Allowed | Sub Rule | Vuln High Severity : General | Vulnerability |
| 1000722 | Vulnerability Exploit Allowed | Sub Rule | Potential Vulnerability Exploit Allowed | Activity |
| 1000722 | Vulnerability Exploit Denied | Sub Rule | Failed General Attack Activity | Failed Attack |
| 1000722 | Vulnerability Exploit Traffic Drop - Session Drop | Sub Rule | Failed General Attack Activity | Failed Attack |
| 1000722 | Vulnerability Exploit Traffic Drop - Packet Drop | Sub Rule | Failed General Attack Activity | Failed Attack |
| 1000722 | Vulnerability Exploit Traffic Dropped - Reset Sent | Sub Rule | Failed General Attack Activity | Failed Attack |
| 1000722 | Vulnerability Exploit Dropped | Sub Rule | Failed General Attack Activity | Failed Attack |
| 1000722 | Potentially Threatening File Observed - Allowed | Sub Rule | Potentially Threatening File Observed | Activity |
| 1000722 | Threatening File Allowed | Sub Rule | Unauthorized Program/Process | Misuse |
| 1000722 | Threatening File Type Denied | Sub Rule | Failed Malware Activity | Failed Malware |
| 1000722 | Threatening File Dropped - Session Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| 1000722 | Threatening File Dropped - Packets Dropped | Sub Rule | Failed Malware Activity | Failed Malware |
| 1000722 | Threatening File Dropped - Reset Sent | Sub Rule | Failed Malware Activity | Failed Malware |
| 1000722 | Threatening File Blocked | Sub Rule | Failed Malware Activity | Failed Malware |
| 1000722 | Scan Detected | Sub Rule | Port Scan | Reconnaissance |
| 1000722 | DoS Detected | Sub Rule | Host Denial Of Service | Denial Of Service |
| 1000722 | Data Pattern Filtered | Sub Rule | Data Pattern Filtered | Failed Activity |
| 1000722 | Threat Allow - Dead-Sites | Sub Rule | Unauthorized Website | Misuse |
| 1000722 | Threat Allow - Dating | Sub Rule | Social Media Activity | Misuse |
| 1000722 | Threat Allow - Cult-And-Occult | Sub Rule | Unauthorized Activity | Misuse |
| 1000722 | Threat Allow - Computer-And-Internet-Security | Sub Rule | Unauthorized Website | Misuse |
| 1000722 | Threat Allow - Computer-And-Internet-Info | Sub Rule | Unauthorized Website | Misuse |
| 1000722 | Threat Allow - Business-And-Economy | Sub Rule | Unauthorized Website | Misuse |
| 1000722 | Threat Allow - Auctions | Sub Rule | Unauthorized Activity | Misuse |
| 1000722 | Threat Allow - Any | Sub Rule | Unauthorized Website | Misuse |
| 1000722 | Threat Alert - Web-Hosting | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Web-Based-Email | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Unknown | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Travel | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Training-And-Tools | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Swimsuits-And-Intimate-Apparel | Sub Rule | Failed Adult Content | Failed Misuse |
| 1000722 | Threat Alert - Streaming-Media | Sub Rule | Failed Streaming Media | Failed Misuse |
| 1000722 | Threat Alert - Spyware-And-Adware | Sub Rule | Failed Spyware Activity | Failed Malware |
| 1000722 | Threat Alert - Sports | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Spam-URLs | Sub Rule | Failed Unauthorized E-mail | Failed Misuse |
| 1000722 | Threat Alert - Society | Sub Rule | Failed Social Media Activity | Failed Misuse |
| 1000722 | Threat Alert - Shopping | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Shareware-And-Freeware | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Search-Engines | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Religion | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Reference-And-Research | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Real-Estate | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Private-IP-Addresses | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Philosophy-And-Political-Advocacy | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Personal-Sites-And-Blogs | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Pay-To-Surf | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Parked-Domains | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Online-Personal-Storage | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - News-And-Media | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Motor-Vehicles | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Malware-Sites | Sub Rule | Possible Malware Activity | Malware |
| 1000722 | Threat Alert - Job-Search | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Internet-Portals | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Internet-Communications | Sub Rule | Failed IM/Chat Activity | Failed Misuse |
| 1000722 | Threat Alert - Individual-Stock-Advice-And-Tools | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Image-And-Video-Search | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Hunting-And-Fishing | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Health-And-Medicine | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Government | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Games | Sub Rule | Failed Game Activity | Failed Misuse |
| 1000722 | Threat Alert - Financial-Services | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Entertainment-And-Arts | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Educational-Institutions | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Dead-Sites | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Dating | Sub Rule | Failed Social Media Activity | Failed Misuse |
| 1000722 | Threat Alert - Cult-And-Occult | Sub Rule | Failed Adult Content | Failed Misuse |
| 1000722 | Threat Alert - Computer-And-Internet-Security | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Computer-And-Internet-Info | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Business-And-Economy | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Auctions | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Any | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Content-Delivery-Networks | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Home And Garden | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Legal | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Local Information | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Online Music | Sub Rule | Failed Streaming Media | Failed Misuse |
| 1000722 | Threat Alert - Social Networking | Sub Rule | Failed Social Media Activity | Failed Misuse |
| 1000722 | Threat Alert - Translation | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | Threat Alert - Web Advertisements | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| 1000722 | URL Block-Continue | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| 1000722 | Threatening File Forwarded | Sub Rule | File Intercepted | Activity |
| 1000722 | URL Allowed : Continue | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| 1000722 | Vulnerability Exploit Traffic Dropped - Reset Both | Sub Rule | Failed General Attack Activity | Failed Attack |
| 1000722 | Wildfire Upload - Skip | Sub Rule | Message Submission | Information |
| 1000722 | Wildfire Upload - Success | Sub Rule | Message Submission | Information |
| 1000722 | Brute Force Attack : FTP Login | Sub Rule | Vuln High Severity : Brute Force Attack | Vulnerability |
| 1000722 | Wildfire-Virus Detected - Reset Both | Sub Rule | Failed Virus Activity | Failed Malware |
| 1000722 | Wildfire - Potential Virus Content Allowed | Sub Rule | Detected Virus Activity | Malware |
| 1000722 | Wildfire-Virus Content Allowed | Sub Rule | Detected Virus Activity | Malware |
| 1000722 | Wildfire-Virus Traffic Denied | Sub Rule | Failed Virus Activity | Failed Malware |
| 1000722 | Wildfire-Virus Traffic Dropped - Session Dropped | Sub Rule | Failed Virus Activity | Failed Malware |
| 1000722 | Wildfire-Virus Detected - Packets Dropped | Sub Rule | Failed Virus Activity | Failed Malware |
| 1000722 | Wildfire-Virus Detected - Dropped - Reset Sent | Sub Rule | Failed Virus Activity | Failed Malware |
| 1000722 | Wildfire-Malicious URL Blocked | Sub Rule | Failed Malware Activity | Failed Malware |
| 1000722 | Virus Detected - Dropped - Reset Both | Sub Rule | Failed Virus Activity | Failed Malware |
| 1000722 | Spyware Detected - Dropped - Reset Both | Sub Rule | Failed Spyware Activity | Failed Malware |
| 1000722 | Vuln Exploit Traffic Dropped - Reset Server | Sub Rule | Failed General Attack Activity | Failed Attack |
| 1000722 | Vulnerability Exploit Detected : Low Severity | Sub Rule | Vuln Low Severity : General | Vulnerability |
| 1000722 | File Detected | Sub Rule | Suspicious File Download | Activity |
| 1000722 | Vulnerability Exploit Detected : High Severity | Sub Rule | Vuln High Severity : General | Vulnerability |
| 1000722 | Wildfire : Benign Determination | Sub Rule | Virus Scan Completed - No Viruses Found | Information |
| 1000722 | Wildfire : Grayware Determination | Sub Rule | Potentially Threatening File Observed | Activity |
| 1000722 | Wildfire : Malware Determination | Sub Rule | Detected Virus Activity | Malware |
| 1000722 | Potential Vulnerability Exploit Allowed : Low | Sub Rule | Vuln Low Severity : General | Vulnerability |
| 1000722 | Potential Vulnerability Exploit Allowed : Info | Sub Rule | Vuln Low Severity : Information Gathering | Vulnerability |
| 1000722 | Vulnerability Exploit Detected : Medium Severity | Sub Rule | Vuln Medium Severity : General | Vulnerability |
| 1000722 | Failed Attack : Packet Dropped | Sub Rule | Failed General Attack Activity | Failed Attack |
| 1000722 | Spyware Detected - Dropped - Reset Server | Sub Rule | Failed Spyware Activity | Failed Malware |
| 1000722 | Spyware Sinkhole Activity Messages | Sub Rule | Suspicious Network Activity | Suspicious |

LogRhythm Default v2.0 

| Regex ID | Rule Name | Rule Type | Common Events | Classifications |
|---|---|---|---|---|
| 1010875 | V 2.0 URL Threat Messages | Base Rule | General Threat Message | Activity |
| 1010875 | V 2.0 Potentially Malicious URL Allowed | Sub Rule | Traffic Allowed by Proxy | Network Allow |
| 1010875 | V 2.0 User Continue URL Block | Sub Rule | Traffic Allowed by Proxy | Network Allow |
| 1010875 | V 2.0 User Override URL Block | Sub Rule | Traffic Allowed by Proxy | Network Allow |
| 1010875 | V 2.0 URL Request Blocked | Sub Rule | Traffic Denied by Proxy | Network Deny |
