Adding Query Spec

Classification

Rule Name	Rule Type	Common Event	Classification
Adding Query Spec	Base Rule	Access Object Failure	Audit

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
Severity	<severity>	Number/Text/String	Severity information
Object	<object>	Text/String	N/A
Quantity	<quantity>	Number	N/A