Vendor Documentation


Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Feed Hit : Process Ingress | Base Rule | Watchlist Hit | Activity |


Sample Logs

08 28 2016 19:16:11 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1.1.160623.1033|feed.ingress.hit.process|cb_server=cbserver cb_version=5.1.1.160623.1033 computer_name=USLT1800CDUMMY feed_id=13 feed_name=nvd from_feed_search=false group=LogRhythm HQ hostname=USLT1800CDUMMY ioc_attr={} ioc_type=md5 ioc_value=58b8702c20de211d1fcb248d2fdd71d1 os_type=Windows process_guid=000000f4-0000-1a40-01d2-0192d85f2e9a process_id=000000f4-0000-1a40-01d2-0192d85f2e9a report_id=10463 report_score=100 sensor_id=244 server_name=localhost.localdomain timestamp=1472436578.654 type=feed.ingress.hit.process

Mapping with LogRhythm Schema

| Device Key in Log Message | Log Value | LogRhythm Schema | Data Type |
|---|---|---|---|
| feed_name | nvd | <sender> | Text/String |
| group | LogRhythm HQ | <group> | Text/String |
| hostname | USLT1800CDUMMY | <dname> | Text/String |
| md5/ioc_value | 58b8702c20de211d1fcb248d2fdd71d1 | <objectname>, <hash> | Text/String |
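To show how the sample log above is turned into the schema fields in the mapping table, here is an added parser (example code, not LogRhythm's or Carbon Black's own). It splits the LEEF 1.0 header, reads the attributes (tab-delimited per LEEF, with a fallback for lines where the tabs became spaces, as in the sample), and applies the page's device-key-to-schema mapping; the function names and SAMPLE constant are assumptions.

```python
import re

# Constructed sample: the Carbon Black feed.ingress.hit.process line from this page.
SAMPLE = ("08 28 2016 19:16:11 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1.1.160623.1033"
          "|feed.ingress.hit.process|cb_server=cbserver cb_version=5.1.1.160623.1033 "
          "computer_name=USLT1800CDUMMY feed_id=13 feed_name=nvd from_feed_search=false "
          "group=LogRhythm HQ hostname=USLT1800CDUMMY ioc_attr={} ioc_type=md5 "
          "ioc_value=58b8702c20de211d1fcb248d2fdd71d1 os_type=Windows "
          "process_guid=000000f4-0000-1a40-01d2-0192d85f2e9a "
          "process_id=000000f4-0000-1a40-01d2-0192d85f2e9a report_id=10463 "
          "report_score=100 sensor_id=244 server_name=localhost.localdomain "
          "timestamp=1472436578.654 type=feed.ingress.hit.process")

# Device key -> LogRhythm schema field, taken from the mapping table on this page.
FIELD_MAP = {"feed_name": "sender", "group": "group",
             "hostname": "dname", "ioc_value": "objectname"}

# key=value pairs where a value may contain spaces ("group=LogRhythm HQ"):
# a value runs until the next " key=" token or end of line.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

def parse_leef(line):
    """Return (header dict, attribute dict) for one LEEF 1.0 record."""
    idx = line.find("LEEF:")
    if idx < 0:
        raise ValueError("not a LEEF record")
    parts = line[idx:].split("|", 5)          # LEEF:1.0|Vendor|Product|Version|EventID|attrs
    if len(parts) != 6:
        raise ValueError("malformed LEEF header")
    version, vendor, product, pversion, event_id, attrs = parts
    if "\t" in attrs:                         # canonical LEEF delimiter
        pairs = [p.split("=", 1) for p in attrs.split("\t") if "=" in p]
    else:                                     # tabs lost in transit (as in SAMPLE)
        pairs = KV_RE.findall(attrs)
    header = {"version": version, "vendor": vendor, "product": product,
              "product_version": pversion, "event_id": event_id}
    return header, dict(pairs)

def map_to_schema(line):
    """Apply the page's mapping for Feed Hit : Process Ingress; None for other events."""
    header, attrs = parse_leef(line)
    if header["event_id"] != "feed.ingress.hit.process":
        return None
    out = {FIELD_MAP[k]: v for k, v in attrs.items() if k in FIELD_MAP}
    # ioc_value is mapped to both <objectname> and <hash> when the IOC is an md5
    if attrs.get("ioc_type") == "md5" and "ioc_value" in attrs:
        out["hash"] = attrs["ioc_value"]
    return out
```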