Vendor Documentation
Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Add Member to Group Messages | Base Rule | Group Membership Information | Other Audit |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| TS | N/A | N/A | N/A |
| SESSID | <session> | Text/String | Session information |
| COMMAND | <command> | Text/String | Command name |
| USERTYPE | <objecttype> | Text/String | Type of user |
| USERKEY | <sender> | Text/String | User key information (hexadecimal value) |
| WORKLOAD | <process> | Text/String | Audit log record type |
| RESULTCODE | <result> | Text/String | Results |
| OBJECT | <object> | Text/String | Object name |
| USER | <login> <domain> | Text/String | Source user name |
| SIP | <sip> | IP Address | Source IP address |
| OBJECTNAME | N/A | N/A | N/A |
| PARAMETERS | N/A | N/A | N/A |
| MODIFIEDPROPERTIES | N/A | N/A | N/A |
| EXTERNALACCESS | N/A | N/A | N/A |
| ORIGINATINGSERVER | N/A | N/A | N/A |
| ORGANIZATIONNAME | N/A | N/A | N/A |
| EVENTTYPE | <vmid> | Text/String | N/A |
| EXTENDEDPROPERTIES "name":"targetName","value":" | <account> | Text/String | N/A |
| EXTENDEDPROPERTIES "Name":"Group.DisplayName","NewValue":" | <group> | Text/String | N/A |
| APPLICATION | <objectname> | Text/String | N/A |
| USERAGENT | <useragent> | Text/String | N/A |
| LOGINSTATUS | <status> | Text/String | N/A |
| USERDOMAIN | N/A | N/A | N/A |
| ACTOR | N/A | N/A | N/A |
| ACTORCONTEXTID | N/A | N/A | N/A |
| ACTORIP | N/A | N/A | N/A |
| INTERSYSTEMSID | N/A | N/A | N/A |
| INTRASYSTEMSID | N/A | N/A | N/A |
| SUPPORTTICKETID | N/A | N/A | N/A |
| TARGET | N/A | N/A | N/A |
| TARGETCONTEXTID | N/A | N/A | N/A |