
Watchlist Hit Alert : Binary Ingress

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Watchlist Hit Alert : Binary Ingress | Base Rule | Watchlist Hit | Activity |
| Watchlist Hit Alert : Signed Binary Ingress | Sub Rule | Watchlist Hit | Activity |
| Watchlist Hit Alert : Unsigned Binary Ingress | Sub Rule | Watchlist Hit | Activity |

Mapping with LogRhythm Schema

| Device Key in log message | LogRhythm Schema | Data Type |
|---|---|---|
| alert_severity | <severity> | Number |
| digsig_publisher/issuer | <subject> | Text/String |
| digsig_result | <result> | Text/String |
| digsig_result | <tag1> | Text/String |
| feed_name | <sender> | Text/String |
| hostname | <dname> | Text/String |
| md5 | <objectname> | Text/String |
| md5 | <hash> | Text/String |
| observed_filename | <process> | Text/String |
| observed_filename_total_count | <quantity> | Number |
| status | <status> | Text/String |

