Watchlist Hit Alert: Query Process

Watchlist Hit Alert: Query Process

Base Rule

Watchlist Hit

Activity

Watchlist Hit Alert: Query Process: Unresolved

Sub Rule

Watchlist Hit

Activity

Watchlist Hit Alert: Query Process: Resolved

Sub Rule

Watchlist Hit

Activity

Device Key in Log Message

LogRhythm Schema

Data Type

N/A

<vmid>

Text/String

hostname

<dname>

Text/String

interface_ip

<sip>

IP Address

md5

<objectname>

<hash>

Text/String

process_name

<process>

Text/String

status

<status>

<tag1>

Text/String

username

<account>

Text/String