Vendor Documentation


Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Feed Hit : Binary Ingress | Base Rule | Watchlist Hit | Activity |


Sample Logs

05 18 2016 08:53:37 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1.1.160416.0935|feed.ingress.hit.binary|cb_server=cbserver cb_version=5.1.1.160416.0935 computer_name=USLT1361DUMMY feed_id=13 feed_name=nvd group=LogRhythm HQ hostname=USLT1361DUMMY ioc_attr={} ioc_type=md5 ioc_value=58b8702c20de211d1fcb248d2fdd71d1 md5=58B8702C20DE211D1FCB248D2FDD71D1 os_type=Windows report_id=10419 report_score=100 sensor_id=26 server_name=localhost.localdomain timestamp=1463586449.007 type=feed.ingress.hit.binary

Mapping with LogRhythm Schema

| Device Key in Log Message | Log Value | LogRhythm Schema | Data Type |
|---|---|---|---|
| feed_name | nvd | <sender> | Text/String |
| group | LogRhythm HQ | <group> | Text/String |
| hostname | USLT1361DUMMY | <dname> | Text/String |
| md5 | 58B8702C20DE211D1FCB248D2FDD71D1 | <objectname>, <hash> | Text/String |
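The following Python is an added example, not LogRhythm's or Carbon Black's own parser, showing how the sample log above is split into its LEEF header and attribute fields and how the four mapped keys land in the LogRhythm schema names from the table. It embeds the page's sample log line as its input. Two points are assumptions rather than documented behaviour: attribute values in this feed are taken to run until the next `key=` token (so `group=LogRhythm HQ` keeps its space), and the final `md5` versus `ioc_value` comparison is an added sanity check, not something the mapping defines.

```python
"""Parse a Carbon Black LEEF:1.0 feed.ingress.hit.binary event and map it to LogRhythm schema fields."""
import re

# Constructed input: the sample log line from the vendor documentation page.
SAMPLE_LOG = (
    "05 18 2016 08:53:37 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1.1.160416.0935|"
    "feed.ingress.hit.binary|cb_server=cbserver cb_version=5.1.1.160416.0935 "
    "computer_name=USLT1361DUMMY feed_id=13 feed_name=nvd group=LogRhythm HQ "
    "hostname=USLT1361DUMMY ioc_attr={} ioc_type=md5 "
    "ioc_value=58b8702c20de211d1fcb248d2fdd71d1 "
    "md5=58B8702C20DE211D1FCB248D2FDD71D1 os_type=Windows report_id=10419 "
    "report_score=100 sensor_id=26 server_name=localhost.localdomain "
    "timestamp=1463586449.007 type=feed.ingress.hit.binary"
)

# Device key -> LogRhythm schema field(s), exactly as the mapping table states.
SCHEMA_MAP = {
    "feed_name": ("sender",),
    "group": ("group",),
    "hostname": ("dname",),
    "md5": ("objectname", "hash"),
}

# Assumption: attributes are space-separated "key=value" pairs whose values may
# contain spaces, so a value ends just before the next "key=" token or at end of line.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_leef(line):
    """Return the LEEF header fields and an attribute dict for one syslog line."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("not a LEEF record")
    # LEEF:Version|Vendor|Product|ProductVersion|EventID|attributes
    parts = line[start:].split("|", 5)
    if len(parts) != 6:
        raise ValueError("malformed LEEF header")
    version, vendor, product, product_version, event_id, attr_text = parts
    attrs = {m.group(1): m.group(2) for m in KV_RE.finditer(attr_text)}
    return {
        "leef_version": version.split(":", 1)[1],
        "vendor": vendor,
        "product": product,
        "product_version": product_version,
        "event_id": event_id,
        "attrs": attrs,
    }


def to_logrhythm(parsed):
    """Apply SCHEMA_MAP; keys the table does not map are deliberately dropped."""
    mapped = {}
    for key, fields in SCHEMA_MAP.items():
        if key in parsed["attrs"]:
            for field in fields:
                mapped[field] = parsed["attrs"][key]
    return mapped


def hit_is_consistent(parsed):
    """Added check (assumption): for an md5 feed hit, the binary's md5 should equal the
    IOC value that fired, ignoring case. A mismatch is worth flagging before alerting."""
    attrs = parsed["attrs"]
    if attrs.get("ioc_type") != "md5":
        return False
    return attrs.get("ioc_value", "").lower() == attrs.get("md5", "").lower()


if __name__ == "__main__":
    event = parse_leef(SAMPLE_LOG)
    print(event["event_id"], to_logrhythm(event), hit_is_consistent(event))
```

Because the `md5` key feeds both `<objectname>` and `<hash>`, a search on either schema field finds the same binary; the parser keeps the original case from the log so that the hash value stays as the sensor reported it.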