Vendor Documentation


Classification

Rule Name                   | Rule Type | Common Event            | Classification
Remote Thread Ingress Event | Base Rule | Process/Service Started | Activity


Sample Logs

05 18 2016 08:53:37 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1.1.160416.0935|ingress.event.remotethread|cb_server=cbserver cb_version=5.1.1.160416.0935 computer_name=USLT1361DUMMY feed_id=13 feed_name=nvd group=LogRhythm HQ hostname=USLT1361DUMMY ioc_attr={} ioc_type=md5 ioc_value=58b8702c20de211d1fcb248d2fdd71d1 md5=58B8702C20DE211D1FCB248D2FDD71D1

Mapping with LogRhythm Schema

Device Key in Log Message | Log Value                        | LogRhythm Schema        | Data Type
VMID                      | ingress.event.remotethread       | <vmid>                  | Text/String
computer_name             | USLT1361DUMMY                    | <dname>                 | Text/String
md5                       | 58B8702C20DE211D1FCB248D2FDD71D1 | <objectname>, <hash>    | Text/String
target_path               | N/A                              | <process>               | Text/String
target_process_id         | N/A                              | <processid>             | Number
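The following Python example is added here and is not LogRhythm's or Carbon Black's code. It splits the sample LEEF line above into its header fields and key=value attributes (handling the space inside group=LogRhythm HQ, which breaks a naive whitespace split), then applies the mapping table to produce the LogRhythm schema fields, typing <processid> as a number. The names SCHEMA_MAP, parse_leef and to_logrhythm are assumptions for illustration, and the second sample line, which adds target_path and target_process_id values, is constructed.

```python
import re

# Sample line from the page, wrapped as one string (the syslog prefix is kept).
SAMPLE_LOG = (
    "05 18 2016 08:53:37 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1.1.160416.0935|"
    "ingress.event.remotethread|cb_server=cbserver cb_version=5.1.1.160416.0935 "
    "computer_name=USLT1361DUMMY feed_id=13 feed_name=nvd group=LogRhythm HQ "
    "hostname=USLT1361DUMMY ioc_attr={} ioc_type=md5 "
    "ioc_value=58b8702c20de211d1fcb248d2fdd71d1 md5=58B8702C20DE211D1FCB248D2FDD71D1"
)

# Constructed variant: same event with the two fields that are N/A in the page's sample.
SAMPLE_LOG_WITH_TARGET = (
    SAMPLE_LOG + r" target_path=C:\Windows\System32\notepad.exe target_process_id=4242"
)

# Mapping taken from the page's table: LEEF key -> LogRhythm schema field(s).
# "VMID" is the LEEF event id (fifth header field), not a key=value attribute.
SCHEMA_MAP = {
    "VMID": ["vmid"],
    "computer_name": ["dname"],
    "md5": ["objectname", "hash"],
    "target_path": ["process"],
    "target_process_id": ["processid"],
}

# key=value pairs; a value runs until the next " key=" or end of line,
# so values containing spaces (group=LogRhythm HQ) survive intact.
_KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_leef(line):
    """Return (header, attrs) for a syslog-wrapped LEEF 1.0 record."""
    idx = line.find("LEEF:")
    if idx < 0:
        raise ValueError("not a LEEF record")
    parts = line[idx:].split("|", 5)
    if len(parts) != 6:
        raise ValueError("malformed LEEF header")
    header = {
        "version": parts[0].split(":", 1)[1],
        "vendor": parts[1],
        "product": parts[2],
        "product_version": parts[3],
        "event_id": parts[4],
    }
    attrs = {key: value for key, value in _KV_RE.findall(parts[5])}
    return header, attrs


def to_logrhythm(line):
    """Apply SCHEMA_MAP to a parsed line; missing keys (the table's N/A) become None."""
    header, attrs = parse_leef(line)
    values = dict(attrs)
    values["VMID"] = header["event_id"]
    record = {}
    for leef_key, fields in SCHEMA_MAP.items():
        for field in fields:
            record[field] = values.get(leef_key)
    # <processid> is typed Number in the table; reject non-numeric values early.
    if record["processid"] is not None:
        record["processid"] = int(record["processid"])
    return record


if __name__ == "__main__":
    for line in (SAMPLE_LOG, SAMPLE_LOG_WITH_TARGET):
        for field, value in to_logrhythm(line).items():
            print(f"<{field}> = {value!r}")
        print()
```

The parser locates the LEEF: marker rather than assuming a fixed syslog prefix, so the same code works whether the collector prepends a timestamp and host or not; the schema map is the only part that changes per rule.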