Vendor Documentation


Classification

Rule Name               Rule Type   Common Event            Classification
Alert Status Messages   Base Rule   General Alert Message   Activity


Sample Logs

05 18 2016 08:53:37 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1.1.160416.0935|alert.status.updated|alert_resolution= cb_server= feed_name= ioc_type= ioc_value=H566BBBDBHBEFASASJJJXXX

Mapping with LogRhythm Schema

Device Key in Log Message   Log Value                  LogRhythm Schema   Data Type
vendorinfo                  alert.status.updated       <vendorinfo>       Text/String
alert_resolution            N/A                        <status>           Text/String
cb_server                   N/A                        <sname>            Text/String
feed_name                   N/A                        <objectname>       Text/String
ioc_type                    N/A                        <objecttype>       Text/String
ioc_value                   H566BBBDBHBEFASASJJJXXX    <hash>             Text/String

N/A in the Log Value column means the key is present in the sample log but carries an empty value (for example "cb_server="). vendorinfo is not a key=value attribute; it is taken from the EventID field of the LEEF header. ioc_value is mapped to <hash> unconditionally, whatever ioc_type contains.
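The following is an added example, not LogRhythm's or Carbon Black's own parsing code: it splits the sample log above into its LEEF 1.0 header and attributes and applies the mapping table to produce the LogRhythm schema fields. The sample line is copied from this page; the only assumption is that the attribute delimiter is a space, as the sample renders it (LEEF 1.0 specifies a tab, so the parser accepts either). Empty attributes come back as None, which is what the table shows as N/A.

```python
import re
from typing import Dict, Optional, Tuple

# The sample log from this page. The leading "05 18 2016 08:53:37 1.1.1.1 <USER:NOTE>"
# is the syslog-style prefix; everything from "LEEF:1.0" onward is the LEEF record.
SAMPLE_LOG = (
    "05 18 2016 08:53:37 1.1.1.1 <USER:NOTE> "
    "LEEF:1.0|CB|CB|5.1.1.160416.0935|alert.status.updated|"
    "alert_resolution= cb_server= feed_name= ioc_type= "
    "ioc_value=H566BBBDBHBEFASASJJJXXX"
)

# Device key -> LogRhythm schema field, taken from the mapping table on this page.
# "vendorinfo" has no key=value attribute: it is the LEEF EventID header field.
KEY_TO_SCHEMA = {
    "alert_resolution": "status",
    "cb_server": "sname",
    "feed_name": "objectname",
    "ioc_type": "objecttype",
    "ioc_value": "hash",
}

# LEEF 1.0 header: LEEF:Version|Vendor|Product|ProductVersion|EventID|attributes
LEEF_HEADER_RE = re.compile(
    r"LEEF:(?P<version>[^|]+)\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)\|"
    r"(?P<prodver>[^|]*)\|(?P<eventid>[^|]*)\|(?P<attrs>.*)$"
)


def parse_leef(line: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Split a LEEF 1.0 line into (header fields, attribute key/value pairs)."""
    m = LEEF_HEADER_RE.search(line)
    if m is None:
        raise ValueError("no LEEF:1.0 header found in line")
    header = {k: m.group(k) for k in ("version", "vendor", "product", "prodver", "eventid")}

    attrs_raw = m.group("attrs")
    # LEEF 1.0 specifies a tab between attributes; the sample on this page is
    # rendered with spaces (an assumption), so use tab when present, else space.
    delim = "\t" if "\t" in attrs_raw else " "

    attrs: Dict[str, str] = {}
    last_key: Optional[str] = None
    for token in attrs_raw.split(delim):
        if token == "":
            continue
        key, sep, value = token.partition("=")  # split on the first '=' only
        if sep:
            attrs[key] = value
            last_key = key
        elif last_key is not None:
            # With a space delimiter a value that itself contains spaces is split
            # into several tokens; glue such fragments back onto the previous value.
            attrs[last_key] = attrs[last_key] + delim + token
        else:
            raise ValueError(f"malformed attribute token: {token!r}")
    return header, attrs


def map_to_logrhythm(line: str) -> Dict[str, Optional[str]]:
    """Produce the LogRhythm schema fields for one alert.status.updated line.

    Empty attributes (e.g. 'cb_server=') become None, which the mapping table
    renders as N/A. ioc_value is placed in <hash> unconditionally, as the table
    specifies, even when ioc_type is not a hash type.
    """
    header, attrs = parse_leef(line)
    if header["eventid"] != "alert.status.updated":
        raise ValueError(f"unexpected EventID {header['eventid']!r}")
    fields: Dict[str, Optional[str]] = {"vendorinfo": header["eventid"]}
    for key, schema_field in KEY_TO_SCHEMA.items():
        value = attrs.get(key, "")
        fields[schema_field] = value if value != "" else None
    return fields


if __name__ == "__main__":
    for name, value in map_to_logrhythm(SAMPLE_LOG).items():
        print(f"<{name}>: {value if value is not None else 'N/A'}")
```

Running the block on the sample log yields <vendorinfo> = alert.status.updated, <hash> = H566BBBDBHBEFASASJJJXXX and N/A for <status>, <sname>, <objectname> and <objecttype>, matching the table. The EventID check is there so a rule built for alert.status.updated does not silently consume other Carbon Black LEEF event types that share the same header layout.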