Vendor Documentation


Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| File Added To Binary Store | Base Rule | File Uploaded | Activity |


Sample Logs

02 07 2017 17:32:42 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1|binarystore.file.added|cb_server=cbserver compressed_size=2175022 file_path=dummy.path link_md5=7A29FD1DD45A309A13A6C50DDBAB4DE9 md5=7A29FD1DD45A309A13A6C50DDBAB4DE9 node_id=0 size=4631864 timestamp=1486510361.554 type=binarystore.file.added

Mapping with LogRhythm Schema

| Device Key in Log Message | Log Value | LogRhythm Schema | Data Type |
|---|---|---|---|
| file_path | 7A29FD1DD45A309A13A6C50DDBAB4DE9.zip | <parentprocesspath> | Text/String |
| file_path | dummy.path | <process> | Text/String |
| link_md5 | 7A29FD1DD45A309A13A6C50DDBAB4DE9 | <objectname>, <hash> | Text/String |
| size | 4631864 | <size> | Number |