Mappings: FireEye CMS DM
Input | Value |
---|---|
Vendor | FireEye |
Product | CMS |
Log Format | CEF |
Event ID Regex Pattern | DM |
Output | Value |
---|---|
Vendor | FireEye |
Product | Central Management System |
Record Type | NetworkDNS |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
description | None | The static text CMS Domain Match is populated in this schema field. |
device_ip | src | |
dns_queryDomain | cs5 | |
dstDevice_ip | dst | |
dstDevice_mac | dmac | |
ipProtocol | proto | |
normalizedSeverity | None | The static text 3 is populated in this schema field. |
srcDevice_hostname | shost | |
srcDevice_ip | src | |
srcDevice_mac | smac | |
srcPort | spt | |
threat_name | sname | |
threat_referenceUrl | cs4 | |
threat_ruleType | None | The static text direct is populated in this schema field. |
threat_signalName | sname | |
timestamp | rt | We expect the orginal record value of rt is in the format MMM dd yyyy HH:mm:ss zzz |