Add Member to Group Messages
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
Add Member to Group Messages | Base Rule | Group Membership Information | Other Audit |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
TS | N/A | N/A | N/A |
SESSID | <session> | Text/String | Session information |
COMMAND | <command> | Text/String | Command name |
USERTYPE | <objecttype> | Text/String | Type of user |
USERKEY | <sender> | Text/String | User key information (hexadecimal value) |
WORKLOAD | <process> | Text/String | Audit log record type |
RESULTCODE | <result> | Text/String | Results |
OBJECT | <object> | Text/String | Object name |
USER | <login> <domain> | Text/String | Source user name |
SIP | <sip> | IP Address | Source IP address |
OBJECTNAME | N/A | N/A | N/A |
PARAMETERS | N/A | N/A | N/A |
MODIFIEDPROPERTIES | N/A | N/A | N/A |
EXTERNALACCESS | N/A | N/A | N/A |
ORIGINATINGSERVER | N/A | N/A | N/A |
ORGANIZATIONNAME | N/A | N/A | N/A |
EVENTTYPE | <vmid> | Text/String | N/A |
EXTENDEDPROPERTIES "name":"targetName","value":" | <account> | Text/String | N/A |
EXTENDEDPROPERTIES "Name":"Group.DisplayName","NewValue":" | <group> | Text/String | N/A |
APPLICATION | <objectname> | Text/String | N/A |
USERAGENT | <useragent> | Text/String | N/A |
LOGINSTATUS | <status> | Text/String | N/A |
USERDOMAIN | N/A | N/A | N/A |
ACTOR | N/A | N/A | N/A |
ACTORCONTEXTID | N/A | N/A | N/A |
ACTORIP | N/A | N/A | N/A |
INTERSYSTEMSID | N/A | N/A | N/A |
INTRASYSTEMSID | N/A | N/A | N/A |
SUPPORTTICKETID | N/A | N/A | N/A |
TARGET | N/A | N/A | N/A |
TARGETCONTEXTID | N/A | N/A | N/A |