Vendor Documentation

Classification

Rule Name             Rule Type   Common Event       Classification
Catch All : Level 1   Base Rule   General Security   Information

Sample Logs

05 18 2016 08:53:37 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1.1.160416.0935|4320|alert.status.updated|alert_resolution= cb_server= feed_name= ioc_type= ioc_value=H566BBBDBHBEFASASJJJXXX

Mapping with LogRhythm Schema

Device Key in Log Message   Log Value   LogRhythm Schema   Data Type
vmid                        4320        <vmid>             Text/String
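The sample log and the mapping table above show how a Carbon Black LEEF line is broken into header fields and key=value attributes, and which field feeds the LogRhythm <vmid> schema field. The parser below is an added example written for this page; it is not LogRhythm's or Carbon Black's own parsing code. It assumes the six-field header layout visible in the sample (LEEF version, vendor, product, product version, the value the page maps to vmid, then the event name) and that attributes are separated by whitespace or tabs, with empty values preserved as empty strings rather than dropped. The event name "alert.status.updated" and the header field names are labels chosen here for the example.

```python
import re
from dataclasses import dataclass

# Sample line copied from this page (Carbon Black LEEF event as received by LogRhythm).
SAMPLE_LOG = (
    "05 18 2016 08:53:37 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1.1.160416.0935|4320|"
    "alert.status.updated|alert_resolution= cb_server= feed_name= ioc_type= "
    "ioc_value=H566BBBDBHBEFASASJJJXXX"
)

# Header layout assumed from the sample and the page's mapping table: the fifth
# pipe-delimited field (4320) is the value the page maps to <vmid>, and the event
# name follows it. Plain LEEF 1.0 defines five header fields; the sixth slot is a
# CB-specific layout inferred here, not taken from a LEEF or LogRhythm specification.
HEADER_FIELDS = ("leef_version", "vendor", "product", "product_version", "vmid", "event_id")

# LEEF attributes are key=value pairs. The sample shows them space-separated (tabs
# are also common), so split on whitespace that is immediately followed by a key=.
_ATTR_SPLIT = re.compile(r"\s+(?=[A-Za-z0-9_.]+=)")


@dataclass
class LeefEvent:
    syslog_prefix: str   # timestamp, host and tag that precede "LEEF:"
    header: dict         # the pipe-delimited header fields, keyed by HEADER_FIELDS
    attributes: dict     # attribute key -> value; empty values are kept as ""


def parse_leef(line: str) -> LeefEvent:
    """Parse one Carbon Black LEEF line into syslog prefix, header and attributes."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("not a LEEF message: missing 'LEEF:' marker")
    prefix = line[:start].rstrip()
    body = line[start + len("LEEF:"):]
    # Limit the split so '|' inside attribute values cannot shift the header.
    parts = body.split("|", len(HEADER_FIELDS))
    if len(parts) != len(HEADER_FIELDS) + 1:
        raise ValueError("truncated LEEF header: expected %d fields" % len(HEADER_FIELDS))
    header = dict(zip(HEADER_FIELDS, parts[:-1]))
    attr_blob = parts[-1].strip()
    tokens = attr_blob.split("\t") if "\t" in attr_blob else _ATTR_SPLIT.split(attr_blob)
    attributes = {}
    for token in tokens:
        if not token:
            continue
        key, sep, value = token.partition("=")
        if not sep:
            # A token without '=' is malformed; skip it but keep the rest of the event.
            continue
        attributes[key.strip()] = value.strip()
    return LeefEvent(prefix, header, attributes)


def map_to_logrhythm(event: LeefEvent) -> dict:
    """Apply the page's mapping: device key vmid -> LogRhythm schema field <vmid>."""
    return {"<vmid>": event.header["vmid"]}


if __name__ == "__main__":
    ev = parse_leef(SAMPLE_LOG)
    print(ev.header)
    print(ev.attributes)
    print(map_to_logrhythm(ev))
```

Running the block on the page's sample line yields the header with vmid 4320, five attributes of which four are empty, and the single mapped field {"<vmid>": "4320"}; a line with no LEEF marker or a short header raises ValueError instead of producing a partially filled event.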