VPN-1 & FireWall-1 Content Awareness

Vendor Documentation

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk144192

Classification

Rule Name	Rule Type	Common Event	Classification
VPN-1 & FireWall-1 Content Awareness	Base Rule	General Firewall Log	Network Traffic

Mapping of VPN-1 & FireWall-1 Content Awareness with LR Schema

Device Key in Log Message	LogRhythm Schema	Data Type
Product	<version>	Number/Text
Origin	<sender>	Number/Text
Action	<action>	Number/Text
Action	<tag1>	Number/Text
SIP	<sip>	Number
SPort	<sport>	Number
DIP	<dip>	Number
DPort	<dport>	Number
Protocol	<protname>	Number
IFName	<sinterface>	Number
IFDirection	<tag2>	Number/Text
Reason	<reason>	Text/String
Rule	<command>	Number/Text
Info	<vendorinfo>	Number/Text
XlateSIP	<snatip>	Number
XlateSport	<snatport>	Number/Text
XlateDIP	<dnatip>	Number/Text
XlateDPort	<dnatport>	Number
User	<login>	Text/String
matched_category	<subject>	Text/String
URL	<url>	Number/Text
src_machine_name	<sname>	Number/Text
dst_machine_name	<dname>	Number/Text
dst_user_name	<account>	Number/Text