Vendor Documentation


Classification

Rule Name                          Rule Type   Common Event              Classification
Cross Process Open Ingress Event   Base Rule   Process/Service Started   Activity


Sample Logs

05 18 2016 08:53:37 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1.1.160416.0935|ingress.event.crossprocopen|cb_server=cbserver cb_version=5.1.1.160416.0935 computer_name=dummy.hostname feed_id=13 feed_name=nvd group=LogRhythm HQ hostname=dummy.hostname ioc_attr={} ioc_type=md5 ioc_value=58b8702c20de211d1fcb248d2fdd71d1 target_md5=58B8702C20DE211D1FCB248D2FDD71D1 target_path= target_pid=

Mapping with LogRhythm Schema

Device Key in Log Message   Log Value                          LogRhythm Schema       Data Type
vmid                        ingress.event.crossprocopen        <vmid>                 Text/String
computer_name               dummy.hostname                     <dname>                Text/String
target_md5                  58B8702C20DE211D1FCB248D2FDD71D1   <objectname>, <hash>   Text/String
target_path                 N/A                                <process>              Text/String
target_pid                  N/A                                <processid>            Number

Notes on the mapping: the value mapped to <vmid> is the event identifier carried in the fifth pipe-delimited field of the LEEF header (LEEF:1.0|Vendor|Product|Version|EventID|attributes), not a key=value attribute. target_path and target_pid are present but empty in the sample log (target_path= target_pid=), which is why the table shows N/A for both; when the sensor populates them they feed <process> and <processid>. The attribute block is space-delimited and a value may itself contain a space (group=LogRhythm HQ), so a parser that splits on spaces alone will mis-tokenize this record.
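As an added example (not LogRhythm's or Carbon Black's own code), the following Python applies the mapping above to the page's sample log: it locates the LEEF payload behind the syslog prefix, splits the pipe-delimited header, tokenizes the space-delimited key=value attributes so that a value containing a space (group=LogRhythm HQ) survives, maps the listed keys to the schema fields, and treats the empty target_path= and target_pid= values as N/A. The second record (POPULATED_LOG), its path and its PID are constructed here to exercise the populated case; the field names SAMPLE_LOG, POPULATED_LOG, SCHEMA_MAP, parse_leef and to_logrhythm are this example's own.

```python
import re
from typing import Any, Dict, List, Optional

# Constructed test input: the sample log from this page, plus a second line
# (made up here) with target_path and target_pid populated.
SAMPLE_LOG = (
    "05 18 2016 08:53:37 1.1.1.1 <USER:NOTE> "
    "LEEF:1.0|CB|CB|5.1.1.160416.0935|ingress.event.crossprocopen|"
    "cb_server=cbserver cb_version=5.1.1.160416.0935 computer_name=dummy.hostname "
    "feed_id=13 feed_name=nvd group=LogRhythm HQ hostname=dummy.hostname ioc_attr={} "
    "ioc_type=md5 ioc_value=58b8702c20de211d1fcb248d2fdd71d1 "
    "target_md5=58B8702C20DE211D1FCB248D2FDD71D1 target_path= target_pid="
)
POPULATED_LOG = (
    "05 18 2016 08:53:37 1.1.1.1 <USER:NOTE> "
    "LEEF:1.0|CB|CB|5.1.1.160416.0935|ingress.event.crossprocopen|"
    "cb_server=cbserver computer_name=dummy.hostname group=LogRhythm HQ "
    "target_md5=58B8702C20DE211D1FCB248D2FDD71D1 "
    "target_path=c:\\windows\\system32\\lsass.exe target_pid=624"
)

LEEF_HEADER = ("leef_version", "vendor", "product", "product_version", "event_id")

# Attribute -> LogRhythm schema field(s), copied from the mapping table above.
# The event_id header field feeds <vmid>; it is not a key=value attribute.
SCHEMA_MAP: Dict[str, List[str]] = {
    "computer_name": ["dname"],
    "target_md5": ["objectname", "hash"],
    "target_path": ["process"],
    "target_pid": ["processid"],
}
NUMERIC = {"processid"}

# A key is a run of word characters followed by '=' at the start of the
# attribute block or after whitespace. A value runs up to the next such key,
# so "group=LogRhythm HQ" keeps its embedded space.
KEY_RE = re.compile(r"(?:^|\s)(\w+)=")


def parse_leef(line: str) -> Dict[str, Any]:
    """Split a LEEF:1.0 record (optionally syslog-prefixed) into header + attributes."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF payload in line")
    parts = line[start:].split("|", 5)
    if len(parts) != 6:
        raise ValueError("LEEF header must have five pipe-delimited fields")
    header = dict(zip(LEEF_HEADER, parts[:5]))
    header["leef_version"] = header["leef_version"].split(":", 1)[1]  # "LEEF:1.0" -> "1.0"
    attr_blob = parts[5]
    attrs: Dict[str, str] = {}
    keys = list(KEY_RE.finditer(attr_blob))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(attr_blob)
        attrs[m.group(1)] = attr_blob[m.end():end].strip()
    return {"header": header, "attrs": attrs}


def to_logrhythm(line: str) -> Dict[str, Optional[Any]]:
    """Apply the page's mapping: produce the LogRhythm schema fields for one record."""
    rec = parse_leef(line)
    out: Dict[str, Optional[Any]] = {"vmid": rec["header"]["event_id"]}
    for key, fields in SCHEMA_MAP.items():
        raw = rec["attrs"].get(key, "")
        for field in fields:
            if raw == "":
                out[field] = None  # empty in the log -> N/A in the table
            elif field in NUMERIC:
                out[field] = int(raw) if raw.isdigit() else None  # refuse non-numeric PIDs
            else:
                out[field] = raw
    return out


if __name__ == "__main__":
    for record in (SAMPLE_LOG, POPULATED_LOG):
        print(to_logrhythm(record))
```

The key-position tokenizer is what makes the space-delimited attribute block safe to parse; it still cannot disambiguate a value that itself contains " word=" (the known weakness of this CB LEEF layout), so treat any unexpected key name as a sign of a mis-split value rather than a new field.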