Vendor Documentation
Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Agent Log Event Messages | Base Rule | General Event Agent Information | Information |
| Module Disabled Messages | Sub Rule | Module Unloaded | Other Audit |
| Module Error Messages | Sub Rule | Module Error | Error |
| Module Not Installed Messages | Sub Rule | Module Initialization Failure | Critical |
| Module Running Messages | Sub Rule | Module Loaded | Other Audit Success |
| Asset Shutdown Messages | Sub Rule | Service Shutdown | Startup and Shutdown |
| Agent Stopped Messages | Sub Rule | Session Stopped | Other Audit Success |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | Common Event Format identifier: Default or unspecified severity level (can be replaced with specific severity levels such as 1-10). |
| N/A | N/A | N/A | Vendor or organization name. |
| N/A | N/A | N/A | Product or service name generating the event. |
| N/A | <version> | Numbers | Version number. |
| N/A | <vmid> | Text/String | N/A |
| N/A | <vendorinfo> | Text/String | Description |
| N/A | <severity> | Text/String | Severity level of the event |
| id | <session> | Text/String | N/A |
| shost | <sname> | Text/String | N/A |
| start | N/A | N/A | N/A |
| cs1Label | N/A | N/A | N/A |
| cs1 | <object> | Text/String | N/A |
| msg | <subject> | Text/String | N/A |
| cs2label | N/A | N/A | N/A |
| cs2 | N/A | N/A | N/A |