VPN & Firewall
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| VPN & Firewall | Base Rule | General Firewall Log | Network Traffic |
| VPN & Firewall : Traffic Redirected | Sub Rule | Traffic Redirected | Network Traffic |
| VPN & Firewall : Traffic Encrypted | Sub Rule | Encrypt Packet | Network Traffic |
| VPN & Firewall : Traffic Decrypted | Sub Rule | Decrypted Packet | Network Traffic |
| VPN & Firewall : Traffic Rejected | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| VPN & Firewall : Traffic Dropped | Sub Rule | Traffic Denied by Host Firewall | Network Deny |
| VPN & Firewall : Traffic Accepted | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| VPN & Firewall : Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| VPN & Firewall : Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Product | <version> | Number/Text |
| Origin | <sender> | Number/Text |
| Action | <action> | Number/Text |
| Action | <tag1> | Number/Text |
| SIP | <sip> | Number |
| SPort | <sport> | Number |
| DIP | <dip> | Number |
| DPort | <dport> | Number |
| Protocol | <protnum> | Number |
| Protocol | <protname> | Number/Text |
| IFName | <sinterface> | Number/Text |
| IFDirection | <tag2> | Number/Text |
| Reason | <reason> | Number/Text |
| Rule | <command> | Number/Text |
| Info | <vendorinfo> | Number/Text |
| XlateSIP | <snatip> | Number/Text |
| XlateSport | <snatport> | Number/Text |
| XlateDIP | <dnatip> | Number/Text |
| XlateDPort | <dnatport> | Number/Text |
| user | <login> | Number/Text |
| matched_category | <subject> | Number/Text |
| rule_name | <command> | Number/Text |
| PolicyName | <policy> | Number/Text |
| Service | <process> | Number/Text |
| State | <status> | Text/String |