Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|---|---|---|---|
|
Administrator Logon |
Base Rule |
Information |
Administrator Status Log |
|
Administrator Login |
Sub Rule |
Authentication Success |
User Logon |
|
Administrator Logout |
Sub Rule |
Authentication Success |
User Logoff |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|---|---|---|
|
N/A |
<severity> |
Text/String |
|
N/A |
<vmid> |
String/ Number |
|
N/A |
<command> |
Text/String/Number |
|
N/A |
<domain> |
Text/String/Number |
|
N/A |
<login> |
Text/String/Number |
|
N/A |
<dname> |
Text/String |
|
N/A |
<sip> |
Ip address |
|
N/A |
<session> |
Text/String/Number |
|
N/A |
<object> |
Text/String/Number |