Account Audit Log Messages
Vendor Documentation
https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-cef-account-audit-logs
https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-syslog-content-mapping-cef
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
Account Audit Log Messages | Base Rule | General Audit Messages | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
datetime | N/A | N/A | Local time in the format "MMM dd yyyy HH:mm:ss" |
host | N/A | N/A | Hostname without the domain information |
Version | N/A | N/A | CEF format version; the current CEF version is 0 |
Device Vendor | N/A | N/A | Appliance vendor |
Device Product | <vendorinfo> | Text/String | Appliance product |
Device Version | <version> | Text/String | Appliance version |
Device Event Class ID | <vmid> | Number | A unique identifier per event type; this can be a string or an integer (Workbench or OAT) |
Name | <objecttype> | Text/String | A string giving a human-readable, understandable description of the event |
Severity | <severity> | Number | Importance of the event |
cat | <object> | Text/String | Category |
cs1 | <account> | Text/String | Account |
cs1Label | N/A | N/A | Corresponding label for the cs1 field |
cs2 | N/A | N/A | Role |
cs2Label | N/A | N/A | Corresponding label for the cs2 field |
cs3 | <action> | Text/String | Activity |
cs3Label | N/A | N/A | Corresponding label for the cs3 field |
cn1 | <result> | Number | Result |
cn1Label | N/A | N/A | Corresponding label for the cn1 field |
cn2 | N/A | N/A | Source |
cn2Label | N/A | N/A | Corresponding label for the cn2 field |
msg | <subject> | Text/String | Details |
rt | N/A | N/A | Logged time |
TrendMicroV1CompanyID | N/A | N/A | Company ID |
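As an added illustration (not part of the vendor or LogRhythm documentation), the following Python parser applies the mapping above to a syslog-prefixed CEF account audit line, handling CEF's `\|` and `\=` escaping. The SAMPLE line and every value in it are constructed for this example, and the company ID is a placeholder.

```python
import re
# Field mapping taken from the table above: CEF header positions and extension
# keys mapped to LogRhythm schema names (keys with no schema field keep their CEF name).
CEF_HEADER = ["Version", "Device Vendor", "Device Product", "Device Version",
              "Device Event Class ID", "Name", "Severity"]
HEADER_TO_SCHEMA = {"Device Product": "vendorinfo", "Device Version": "version",
                    "Device Event Class ID": "vmid", "Name": "objecttype",
                    "Severity": "severity"}
EXT_TO_SCHEMA = {"cat": "object", "cs1": "account", "cs3": "action",
                 "cn1": "result", "msg": "subject"}
NUMERIC = {"severity", "result"}   # listed as "Number" in the table; vmid may be a string

# Constructed sample line (not vendor output); the company id is a placeholder.
SAMPLE = ("Mar 04 2024 09:12:33 vision-one CEF:0|Trend Micro|Vision One|1.0|"
          "Account Audit|Account logged on|3|cat=Account cs1=jdoe@example.com "
          "cs1Label=Account cs2=Administrator cs2Label=Role cs3=Log on "
          "cs3Label=Activity cn1=0 cn1Label=Result cn2=1 cn2Label=Source "
          "msg=Sign-in from IP\\=203.0.113.10 rt=Mar 04 2024 09:12:30 "
          "TrendMicroV1CompanyID=PLACEHOLDER-COMPANY-ID")

def _unescape(value):
    # CEF escapes '\', '|' (header) and '=' (extension) with a backslash;
    # '\n' and '\r' stand for line breaks inside extension values.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), value)

def parse_cef(line):
    """Parse one syslog-prefixed CEF line into a dict keyed by LogRhythm schema name."""
    prefix, _, cef = line.strip().partition("CEF:")
    # Header fields are separated by unescaped '|'; everything after the 7th is the extension.
    parts = re.split(r"(?<!\\)\|", cef, maxsplit=7)
    if not cef or len(parts) != 8:
        raise ValueError("malformed CEF message")
    record = {"syslog_prefix": prefix.strip()}
    for name, raw in zip(CEF_HEADER, parts[:7]):
        if name in HEADER_TO_SCHEMA:
            record[HEADER_TO_SCHEMA[name]] = _unescape(raw)
    ext = parts[7]
    # A key is 'name=' at the start or after whitespace; an escaped '\=' never starts a key.
    keys = list(re.finditer(r"(?:^|\s)([A-Za-z0-9_]+)=", ext))
    for i, k in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        record[EXT_TO_SCHEMA.get(k[1], k[1])] = _unescape(ext[k.end():end])
    for key in NUMERIC.intersection(record):
        record[key] = int(record[key])   # raises ValueError on a non-numeric value
    return record

if __name__ == "__main__":
    for field, value in parse_cef(SAMPLE).items():
        print(f"{field:22} {value!r}")
```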