
Agent Event Log Message

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Agent Event Log Message | Base Rule | General Event Log Information | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| CEF: Version | N/A | N/A | CEF format version |
| Device Vendor | N/A | N/A | Device Vendor |
| Device Product | <vendorinfo> | Text/String | Device Product |
| Device Version | <version> | Text/String | Device Version |
| Device Event Class ID | <vmid> | Number | Event ID |
| Name | <object> | Text/String | Event category |
| Severity | <severity> | Number | LOG_CRIT: 2; LOG_WARNING: 4; LOG_INFO: 6 |
| eventTime | N/A | N/A | StellarProtect format |
| msg | <subject> | Text/String | <string> |
| category | <objecttype> | Number | OPTION: 0; SYSTEM: 1; INTELLI_AV: 2; ANOMALY_DETECT: 3; CHANGE_CONTROL: 4; DEVICE_CONTROL: 5; MISC: 15 |
| agentEndpoint | <sname> | Text/String | N/A |
| agentIp | <sip> | IP Address | N/A |
| agentLocation | N/A | N/A | N/A |
| agentVendor | N/A | N/A | N/A |
| agentModel | N/A | N/A | N/A |
| agentOS | <useragent> | Text/String | N/A |
| policy version | N/A | N/A | N/A |
| desc | N/A | N/A | N/A |
| policyVersion | N/A | N/A | N/A |
| detailMsg | N/A | N/A | N/A |
| targetProcess | N/A | N/A | N/A |
| fileHash | <hash> | Text/String | N/A |
| threatType | N/A | N/A | N/A |
| threatName | <threatname> | Text/String | N/A |
| filePath | N/A | N/A | N/A |
| actionResult | <result> | Text/String | N/A |
| quarantinePath | N/A | N/A | N/A |
| obadMode | N/A | N/A | N/A |
| obadLevel | N/A | N/A | N/A |
| accessUser | N/A | N/A | N/A |
| processId | <processid> | Number | N/A |
| parentProcess1 | N/A | N/A | N/A |
| parentProcess2 | N/A | N/A | N/A |
| parentProcess3 | N/A | N/A | N/A |
| parentProcess4 | N/A | N/A | N/A |
| targetArguments | N/A | N/A | N/A |
| parentArguments1 | N/A | N/A | N/A |
| parentArguments2 | N/A | N/A | N/A |
| parentArguments3 | N/A | N/A | N/A |
| parentArguments4 | N/A | N/A | N/A |
| blockedProcess | N/A | N/A | N/A |
| targetFile | N/A | N/A | N/A |
| vid | N/A | N/A | N/A |
| pid | N/A | N/A | N/A |
| sn | N/A | N/A | N/A |
| accessImagePath | <parentprocesspath> | Text/String | N/A |
| srcPath | N/A | N/A | N/A |
| dstPath | N/A | N/A | N/A |
| errCode | N/A | N/A | N/A |
| patchFileName | N/A | N/A | N/A |
| filePath | N/A | N/A | N/A |
| type | N/A | N/A | N/A |
| serverIP | <dip> | IP Address | N/A |
