Web Application Violation Messages

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Web Application Violation Messages | Base Rule | Network Traffic Violation | Warning |
| General Web App Violation : Critical | Sub Rule | General Traffic Violation Critical | Critical |
| General Web App Violation : Warning | Sub Rule | General Traffic Violation Warning | Warning |
| General Web App Violation : Error | Sub Rule | General Traffic Violation Error | Error |
| General Web App Violation : Informational | Sub Rule | General Traffic Violation Information | Information |
| Web App Violation : Buffer Overflow | Sub Rule | Buffer Overflow/Underflow | Attack |
| Web App Violation : Cross Site Scripting | Sub Rule | Cross-Site Scripting | Attack |
| Web App Violation : Detection Evasion | Sub Rule | Suspicious User Activity | Suspicious |
| Web App Violation : HTTP Parser Attack | Sub Rule | General Attack Activity | Attack |
| Web App Violation : Injection Attempt | Sub Rule | SQL Injection | Attack |
| Web App Violation : Parameter Tampering | Sub Rule | General Attack Activity | Attack |
| Web App Violation : Web Scraping | Sub Rule | Unauthorized Program/Process | Misuse |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| severity | <severity> | Text/String |
| violations | <vmid> | Text/String |
| ip_client | <sip> | IP Address |
| dest_ip | <dip> | IP Address |
| unit_hostname | <dname> | Text/String |
| src_port | <sport> | Number |
| dest_port | <dport> | Number |
| protocol | <protname> | Text/String |
| support_id | <session> | Number |
| web_application_name | <process> | Text/String |
| User-Agent | <object> | Text/String |
| response_code | <subject> | Number |
| violations | <threatname> | Text/String |
| N/A | <version> | Number |
| User-Agent | <useragent> | Text/String |
| uri | <url> | Text/String |
| method | <command> | Text/String |
| response_code | <responsecode> | Number |
| request_status | <status> | Text/String |
| N/A | <tag1> | Text/String |
| severity | <tag2> | Text/String |
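As an added example (not part of this documentation or the vendor's parser), the following Python applies both tables above to one violation message: it maps each device key onto every schema tag it feeds, enforces the declared data type, and picks the common event and classification. It assumes the message arrives as space-separated key="value" pairs using the device keys from the mapping table (a constructed layout) and that the sub rule can be chosen by a keyword in the violations text (also an assumption).

```python
import ipaddress
import re
# Device key -> [(schema tag, converter)] from the mapping table; ValueError marks a bad data type.
FIELD_MAP = {
    "severity": [("severity", str), ("tag2", str)],
    "violations": [("vmid", str), ("threatname", str)],
    "ip_client": [("sip", ipaddress.ip_address)],
    "dest_ip": [("dip", ipaddress.ip_address)],
    "unit_hostname": [("dname", str)],
    "src_port": [("sport", int)],
    "dest_port": [("dport", int)],
    "protocol": [("protname", str)],
    "support_id": [("session", int)],
    "web_application_name": [("process", str)],
    "User-Agent": [("object", str), ("useragent", str)],
    "response_code": [("subject", int), ("responsecode", int)],
    "uri": [("url", str)],
    "method": [("command", str)],
    "request_status": [("status", str)],
}
# Sub rule keyword -> (common event, classification); keyword-matching the violations text is an assumption.
SUB_RULES = {
    "buffer overflow": ("Buffer Overflow/Underflow", "Attack"),
    "cross site scripting": ("Cross-Site Scripting", "Attack"),
    "evasion": ("Suspicious User Activity", "Suspicious"),
    "http parser": ("General Attack Activity", "Attack"),
    "injection": ("SQL Injection", "Attack"),
    "parameter tampering": ("General Attack Activity", "Attack"),
    "web scraping": ("Unauthorized Program/Process", "Misuse"),
}
# Constructed sample message in the assumed key="value" layout (not a captured device log).
SAMPLE = 'severity="Critical" violations="Cross Site Scripting" ip_client="203.0.113.5" dest_ip="192.0.2.10" src_port="51544" dest_port="443" method="GET" uri="/login" response_code="200" support_id="12345" User-Agent="Mozilla/5.0"'
def parse_violation(line: str) -> dict:
    """Map one key="value" line onto schema tags; values of the wrong type are listed under "_errors"."""
    out = {}
    for key, raw in re.findall(r'([\w-]+)="([^"]*)"', line):
        for tag, conv in FIELD_MAP.get(key, []):
            try:
                out[tag] = conv(raw)
            except ValueError:
                out.setdefault("_errors", []).append(f"{key}={raw!r} is not a valid <{tag}>")
    return out
def classify(event: dict) -> tuple:
    """Return (common event, classification); unmatched events fall back to the general sub rules."""
    name = str(event.get("threatname", "")).lower()
    for keyword, rule in SUB_RULES.items():
        if keyword in name:
            return rule
    level = {"Informational": "Information"}.get(event.get("severity"), event.get("severity", "Warning"))
    return (f"General Traffic Violation {level}", level)
```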