Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Workbench Alert Log Messages | Base Rule | General Alert Message | Information |
Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| datetime | N/A | N/A | Local time in the format: "MMM dd yyyy HH:mm:ss" |
| host | N/A | N/A | Hostname without the domain information |
| Version | N/A | N/A | CEF format version; the current CEF version is 0 |
| Device Vendor | N/A | N/A | Appliance vendor |
| Device Product | <vendorinfo> | Text/String | Appliance product |
| Device Version | <version> | Text/String | Appliance version |
| Device Event Class ID | <vmid> | Number | A unique identifier per event type. This can be a string or an integer (Workbench or OAT) |
| Name | <objecttype> | Text/String | A string representing a human-readable and understandable description of the event |
| Severity | <severity> | Number | Importance of the event |
| externalId | N/A | N/A | Workbench ID |
| cat | N/A | N/A | Workbench name |
| cn1 | N/A | N/A | Count of all impact scopes |
| cn1Label | N/A | N/A | Corresponding label for the "cn1" field |
| cs1 | <url> | Text/String | Workbench link |
| cs1Label | N/A | N/A | Corresponding label for the "cs1" field |
| msg | <subject> | Text/String | Description of the detection model |
| rt | N/A | N/A | Workbench complete time |
| sourceServiceName | <object> | Text/String | Alert provider |
| TrendMicroV1CompanyID | N/A | N/A | Company ID |
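As an added example (not code from the vendor or LogRhythm documentation), the following Python parser splits a syslog-prefixed Workbench CEF line into its header fields and extension keys, honouring CEF escapes, and applies the mapping above. The sample line, host name, URL and company ID are constructed placeholders.

```python
import re

# The seven pipe-delimited CEF header fields, in order.
HEADER_NAMES = ["Version", "Device Vendor", "Device Product", "Device Version",
                "Device Event Class ID", "Name", "Severity"]
# Header fields and extension keys the table maps to a LogRhythm schema field;
# keys listed as N/A are left unmapped.
HEADER_SCHEMA = {"Device Product": "vendorinfo", "Device Version": "version",
                 "Device Event Class ID": "vmid", "Name": "objecttype",
                 "Severity": "severity"}
EXT_SCHEMA = {"cs1": "url", "msg": "subject", "sourceServiceName": "object"}

# Constructed sample Workbench alert (not a real log line); all values are placeholders.
SAMPLE_LINE = (r"Mar 14 2024 10:22:31 wb-host CEF:0|Trend Micro|Vision One|1.0|WB|"
               r"Workbench Alert|3|externalId=WB-1001 cat=Suspicious PowerShell "
               r"cn1=2 cn1Label=ImpactScopeCount "
               r"cs1=https://portal.example.invalid/workbench/WB-1001 cs1Label=WorkbenchLink "
               r"msg=Detection model\=Encoded PowerShell command rt=Mar 14 2024 10:20:00 "
               r"sourceServiceName=Endpoint Sensor TrendMicroV1CompanyID=COMPANY-ID-PLACEHOLDER")

def split_cef_header(cef):
    """Return (header_fields, extension); '\\|' and '\\\\' escapes are honoured,
    which a plain str.split('|') would get wrong."""
    fields, cur, i = [], [], 0
    while i < len(cef) and len(fields) < len(HEADER_NAMES):
        c = cef[i]
        if c == "\\" and i + 1 < len(cef):
            cur.append(cef[i + 1]); i += 2
        elif c == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(c); i += 1
    fields[0] = fields[0].split(":", 1)[1]  # 'CEF:0' -> '0'
    return fields, cef[i:]

def parse_extension(ext):
    """Parse 'key=value key2=value2'; values may contain spaces and '\\=' escapes."""
    pairs = {}
    for m in re.finditer(r"(\w+)=(.*?)(?=\s\w+=|$)", ext):
        pairs[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))
    return pairs

def map_to_schema(line):
    """Map one syslog-prefixed CEF line to the LogRhythm schema fields in the table."""
    _ts_host, cef = line.split(" CEF:", 1)
    header, ext = split_cef_header("CEF:" + cef)
    out = {HEADER_SCHEMA[n]: v for n, v in zip(HEADER_NAMES, header) if n in HEADER_SCHEMA}
    out.update({EXT_SCHEMA[k]: v for k, v in parse_extension(ext).items() if k in EXT_SCHEMA})
    out["severity"] = int(out["severity"])  # the table lists Severity as Number
    return out
```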