Vendor Documentation

Classification

Rule Name                    | Rule Type | Common Event             | Classification
Binary Info                  | Base Rule | General Information      | Information
Binary Info : Group Observed | Sub Rule  | Group Information        | Information
Binary Info : Host Observed  | Sub Rule  | General Host Information | Information


Sample Logs

02 07 2017 17:12:20 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1|binaryinfo.host.observed|cb_server=cbserver computer_name=SMI-ULTRA-80 hostname=dummy.hostname link_md5=18461BA728ACBE4720C4885B57E3402A link_sensor=dummy.sensor md5=18461BA728ACBE4720C4885B57E3402A scores= sensor_id=1834 timestamp=1486509139.267 type=binaryinfo.host.observed watchlists=

Mapping with LogRhythm Schema

Device Key in Log Message | Log Value                        | LogRhythm Schema     | Data Type
vmid                      | binaryinfo                       | <vmid>               | Text/String
group                     | N/A                              | <group>              | Text/String
hostname                  | dummy.hostname                   | <dname>              | Text/String
md5                       | 18461BA728ACBE4720C4885B57E3402A | <objectname>, <hash> | Text/String
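The following is an added example, not LogRhythm's or Carbon Black's own parser code. It parses the syslog-wrapped LEEF record from the sample log above and applies the mapping table to produce the LogRhythm schema fields. Two points are assumptions rather than statements from the page: that the vmid value "binaryinfo" is the first component of the LEEF event id, and that the Group Observed sub rule is matched by an event id of the form binaryinfo.group.observed (only the host.observed id appears in the sample).

```python
import re
from typing import Dict, Optional

# Constructed sample: the LEEF line from the page, as delivered over syslog.
SAMPLE_LOG = (
    "02 07 2017 17:12:20 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1|binaryinfo.host.observed|"
    "cb_server=cbserver computer_name=SMI-ULTRA-80 hostname=dummy.hostname "
    "link_md5=18461BA728ACBE4720C4885B57E3402A link_sensor=dummy.sensor "
    "md5=18461BA728ACBE4720C4885B57E3402A scores= sensor_id=1834 "
    "timestamp=1486509139.267 type=binaryinfo.host.observed watchlists="
)

# key=value pairs separated by whitespace (this feed uses spaces, not the
# LEEF default tab). A value runs until the next " key=" or end of line, so
# empty values such as "scores=" and "watchlists=" are kept as "".
_ATTR_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Assumed event-id to rule-name mapping; only host.observed is on the page.
_RULE_BY_EVENT_ID = {
    "binaryinfo.host.observed": "Binary Info : Host Observed",
    "binaryinfo.group.observed": "Binary Info : Group Observed",  # assumption
}


def parse_leef(line: str) -> Dict[str, object]:
    """Split a syslog-wrapped LEEF 1.0 record into header fields and attributes."""
    prefix, sep, body = line.partition("LEEF:")
    if not sep:
        raise ValueError("not a LEEF record")
    # Header: version|vendor|product|product version|event id|attributes
    parts = body.split("|", 5)
    if len(parts) != 6:
        raise ValueError("malformed LEEF header")
    version, vendor, product, product_version, event_id, attrs = parts
    return {
        "syslog_prefix": prefix.strip(),
        "version": version,
        "vendor": vendor,
        "product": product,
        "product_version": product_version,
        "event_id": event_id,
        "attrs": dict(_ATTR_RE.findall(attrs)),
    }


def rule_name(record: Dict[str, object]) -> str:
    """Pick the sub rule for the event id, falling back to the base rule."""
    return _RULE_BY_EVENT_ID.get(str(record["event_id"]), "Binary Info")


def to_logrhythm(record: Dict[str, object]) -> Dict[str, Optional[str]]:
    """Apply the page's mapping: hostname -> dname, md5 -> objectname and hash."""
    attrs: Dict[str, str] = record["attrs"]  # type: ignore[assignment]
    md5 = attrs.get("md5")
    return {
        # assumption: vmid is the leading segment of the event id ("binaryinfo")
        "vmid": str(record["event_id"]).split(".")[0],
        "group": attrs.get("group"),  # N/A in the host.observed sample
        "dname": attrs.get("hostname"),
        "objectname": md5,
        "hash": md5,
    }


if __name__ == "__main__":
    rec = parse_leef(SAMPLE_LOG)
    print(rule_name(rec))
    for k, v in to_logrhythm(rec).items():
        print(f"{k:<10} = {v!r}")
```

Running the block prints the matched sub rule and the five schema fields; a record whose md5 attribute is absent yields None for both objectname and hash rather than raising, so the mapping stays usable on partial events.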