Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|
Web Traffic |
Base Rule |
Network Traffic |
Web Request |
|
Field Names |
Sub Rule |
Information |
Configuration Information |
|
Version Information |
Sub Rule |
Information |
Configuration Information |
|
Software Information |
Sub Rule |
Information |
Configuration Information |
|
Remarks |
Sub Rule |
Information |
General Log File Comment Line |
|
Start Date |
Sub Rule |
Information |
Internal Timestamp |
|
Date |
Sub Rule |
Information |
Internal Timestamp |
|
Web Traffic Observed |
Sub Rule |
Network Allow |
Traffic Allowed by Proxy |
|
Unauthorized Activity Denied |
Sub Rule |
Failed Misuse |
Failed Unauthorized Activity |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|---|---|---|
|
N/A |
<severity> |
Text/String |
|
N/A |
<milliseconds> |
Number |
|
N/A |
<sip> |
IP Address |
|
N/A |
<login> |
Number |
|
N/A |
<account> |
Text/String/Number |
|
N/A |
<domain> |
Text/String/Number |
|
N/A |
<group> |
Text/String |
|
N/A |
<tag1> |
Text/String |
|
N/A |
<subject> |
Text/String |
|
N/A |
<url> |
Text/String/Number |
|
N/A |
<responsecode> |
Number |
|
N/A |
<vmid> |
Text/String |
|
N/A |
<action> |
Text/String |
|
N/A |
<process> |
Text/String |
|
N/A |
<objecttype> |
Text/String/Number |
|
N/A |
<protname> |
Text/String |
|
N/A |
<dip> |
IP Address |
|
N/A |
<dname> |
Text/String/Number |
|
N/A |
<dport> |
Number |
|
N/A |
<object> |
Text/String/Number |
|
N/A |
<useragent> |
Text/String/Number |
|
N/A |
<bytesout> |
Number |
|
N/A |
<bytesin> |
Number |
|
N/A |
<tag2> |
Text/String/Number |