title: ArcSight order: 20 backends: - arcsight logsources: linux: product: linux conditions: deviceVendor: Unix linux-sshd: product: linux service: sshd conditions: deviceVendor: Unix linux-auth: product: linux service: auth conditions: deviceVendor: Unix linux-clamav: product: linux service: clamav conditions: deviceVendor: Unix windows-dns: product: windows service: dns-server conditions: deviceVendor: Microsoft deviceProduct: DNS-Server windows-pc: product: windows service: powershell-classic conditions: deviceVendor: Microsoft windows-sys: product: windows service: sysmon conditions: deviceVendor: Microsoft deviceProduct: Sysmon windows-sec: product: windows service: security conditions: deviceVendor: Microsoft deviceProduct: Microsoft Windows windows-power: product: windows service: powershell conditions: deviceVendor: Microsoft windows-dhcp: product: windows service: dhcp conditions: deviceVendor: Microsoft windows-system: product: windows service: system conditions: deviceVendor: Microsoft windows-driver: product: windows service: driver-framework conditions: deviceVendor: Microsoft windows-app: product: windows service: application conditions: deviceVendor: Microsoft proxy: category: proxy conditions: categoryDeviceGroup: /Proxy python: product: python conditions: deviceProduct: Python categoryDeviceGroup: /Application ruby_on_rails: product: ruby_on_rails conditions: deviceProduct: Ruby on Rails categoryDeviceGroup: /Application spring: product: spring conditions: deviceProduct: Spring categoryDeviceGroup: /Application apache: product: apache conditions: deviceProduct: Apache categoryDeviceGroup: /Application firewall: product: firewall conditions: categoryDeviceGroup: /Firewall fieldmappings: EventID: externalId dst: - destinationAddress dst_ip: - destinationAddress src: - sourceAddress src_ip: - sourceAddress