Agent Event Log Message
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
Agent Event Log Message | Base Rule | General Event Log Information | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
CEF: Version | N/A | N/A | CEF format version |
Device Vendor | N/A | N/A | Device Vendor |
Device Product | <vendorinfo> | Text/String | Device Product |
Device Version | <version> | Text/String | Device Version |
Device Event Class ID | <vmid> | Number | Event ID |
Name | <object> | Text/String | Event category |
Severity | <severity> | Number | LOG_CRIT: 2 |
eventTime | N/A | N/A | StellarProtect format |
msg | <subject> | Text/String | <string> |
category | <objecttype> | Number | OPTION: 0 |
agentEndpoint | <sname> | Text/String | N/A |
agentIp | <sip> | IP Address | N/A |
agentLocation | N/A | N/A | N/A |
agentVendor | N/A | N/A | N/A |
agentModel | N/A | N/A | N/A |
agentOS | <useragent> | Text/String | N/A |
policy version | N/A | N/A | N/A |
desc | N/A | N/A | N/A |
policyVersion | N/A | N/A | N/A |
detailMsg | N/A | N/A | N/A |
targetProcess | N/A | N/A | N/A |
fileHash | <hash> | Text/String | N/A |
threatType | N/A | N/A | N/A |
threatName | <threatname> | Text/String | N/A |
filePath | N/A | N/A | N/A |
actionResult | <result> | Text/String | N/A |
quarantinePath | N/A | N/A | N/A |
obadMode | N/A | N/A | N/A |
obadLevel | N/A | N/A | N/A |
accessUser | N/A | N/A | N/A |
processId | <processid> | Number | N/A |
parentProcess1 | N/A | N/A | N/A |
parentProcess2 | N/A | N/A | N/A |
parentProcess3 | N/A | N/A | N/A |
parentProcess4 | N/A | N/A | N/A |
targetArguments | N/A | N/A | N/A |
parentArguments1 | N/A | N/A | N/A |
parentArguments2 | N/A | N/A | N/A |
parentArguments3 | N/A | N/A | N/A |
parentArguments4 | N/A | N/A | N/A |
blockedProcess | N/A | N/A | N/A |
targetFile | N/A | N/A | N/A |
vid | N/A | N/A | N/A |
pid | N/A | N/A | N/A |
sn | N/A | N/A | N/A |
accessImagePath | <parentprocesspath> | Text/String | N/A |
srcPath | N/A | N/A | N/A |
dstPath | N/A | N/A | N/A |
errCode | N/A | N/A | N/A |
patchFileName | N/A | N/A | N/A |
filePath | N/A | N/A | N/A |
type | N/A | N/A | N/A |
serverIP | <dip> | IP Address | N/A |
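The mapping above applied in code, as an added example that is not LogRhythm's or the vendor's own parser: it splits a StellarProtect-style CEF record into header and extension fields, keeps only the keys the table maps to a LogRhythm schema field, and drops the rest. The sample record is constructed (vendor name, event class ID, hash and addresses are placeholders), and the CEF escaping handled (`\|`, `\=`) follows the general CEF convention rather than anything stated on this page.

```python
import re

# Extension key -> LogRhythm schema field, taken from the mapping table above.
# Keys the table maps to N/A are deliberately absent and get dropped.
CEF_TO_LOGRHYTHM = {
    "msg": "subject", "category": "objecttype", "agentEndpoint": "sname",
    "agentIp": "sip", "agentOS": "useragent", "fileHash": "hash",
    "threatName": "threatname", "actionResult": "result",
    "processId": "processid", "accessImagePath": "parentprocesspath",
    "serverIP": "dip",
}
# Header positions after CEF:Version and Device Vendor (both N/A) -> schema field.
HEADER_TO_LOGRHYTHM = {2: "vendorinfo", 3: "version", 4: "vmid", 5: "object", 6: "severity"}
NUMERIC_FIELDS = {"vmid", "severity", "objecttype", "processid"}

# Constructed sample record; vendor, IDs, hash and addresses are placeholders, not real data.
SAMPLE = (r"CEF:0|ExampleVendor|StellarProtect|2.1|100|Agent Event|2|"
          r"eventTime=2024-01-01 00:00:00 msg=Realtime scan hit category=0 "
          r"agentEndpoint=HOST-01 agentIp=10.0.0.5 agentOS=Windows 10 "
          r"fileHash=CONSTRUCTED_HASH threatName=Eicar_test_file "
          r"actionResult=Quarantined processId=4321 "
          r"accessImagePath=C:\Windows\explorer.exe serverIP=10.0.0.10")

def split_cef_header(line):
    """Split on unescaped '|' into the seven header fields and the extension string."""
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    return [p.replace(r"\|", "|") for p in parts[:7]], parts[7]

def parse_extensions(ext):
    """Values may contain spaces, so cut at the next 'key=' rather than on whitespace."""
    fields = {}
    for m in re.finditer(r"(\w+)=(.*?)(?=\s+\w+=|$)", ext, re.DOTALL):
        fields[m.group(1)] = m.group(2).replace(r"\=", "=")
    return fields

def map_to_logrhythm(line):
    """Return only the schema fields the table maps; numeric fields become ints."""
    header, ext = split_cef_header(line)
    out = {field: header[idx] for idx, field in HEADER_TO_LOGRHYTHM.items()}
    for key, value in parse_extensions(ext).items():
        field = CEF_TO_LOGRHYTHM.get(key)
        if field:
            out[field] = value
    for field in NUMERIC_FIELDS.intersection(out):
        out[field] = int(out[field])
    return out

if __name__ == "__main__":
    print(map_to_logrhythm(SAMPLE))
```

Fields such as eventTime and threatType are present in the record but absent from the output, matching the N/A rows of the table.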