Products: Cisco Systems - Ironport
| Rule ID | Rule Name |
|---|---|
| LEGACY-S00013 | Connection to High Entropy Domain |
| THRESHOLD-S00026 | Possible Credential Abuse |
| MATCH-S00835 | Possible Dynamic URL Domain |
| OUTLIER-S00010 | Spike in URL Length from IP Address |
| Log Mapper ID | Log Mapper Name |
|---|---|
| 11fa489e-da9a-4982-8c99-55c600318585 | Cisco Ironport MID - Custom Parser |
| d271ce6b-d074-4690-a72a-f5ae754d3efa | Cisco Ironport SFIMS - Custom Parser |
| fdcfade8-8ed5-4195-b0bc-380acfcb6aa7 | Cisco Ironport WSA - Custom Parser |