Support

Support for business applications

Kaspersky Security 8.0 for Linux Mail Server

Publishing program events to a SIEM system

Values of fields in the body of CEF messages for classes of Rules group events

Kaspersky Security 8.0 for Linux Mail Server
Knowledge Base Online Help
Advice & Solutions FAQ Download Forum Contact support Recovery tools Product videos

Values of fields in the body of CEF messages for classes of Rules group events

December 19, 2024

ID 151770

In the body of CEF messages for classes of Rules group events, you can use keys in accordance with their semantics (see  the table below).

Permissible values of the fields for classes of Rules group events

Key

Value

cs1

Rule name.

cs1Label

Its value is always RuleName.

cn1

Rule ID.

cn1Label

Its value is always RuleId.

act

Action on the rule (created / settings changed / deleted / priority changed).

Each class of Rules group events can contain only keys that are relevant to it (see the table below).

Relevant keys for classes of Rules group events

Event class

Relevant keys

LMS_EV_RULE_CHANGED

cs1, cs1Label, cn1, cn1Label, act

LMS_EV_ALL_RULES_IMPORTED

No value

');
Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company
Web and device controls. Data encryption. Centralized and convenient management from a single console.
');
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).