Alert Event Logs
Vendor Documentation
https://ohc.blob.core.windows.net/o-help/manual/634d3f01-92d7-40e4-ad6a-9df16960e7bd/ddan_7.6_sg.pdf |
Classification
Rule Name | Rule Type | Common Event | Classification |
Alert Event Logs | Base Rule | General Alert Message | Information |
Updated Component Log | Sub Rule | General Info Log Message | Information |
High CPU Usage Log | Sub Rule | High CPU Usage | Warning |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
N/A | N/A | N/A | CEF format version |
N/A | N/A | N/A | Appliance vendor |
N/A | N/A | N/A | Appliance product |
N/A | <version> | Numbers | Appliance version |
N/A | <vmid> | Numbers/Text | Event ID |
N/A | <vendorinfo> | Text/String | Description |
N/A | <severity> | Numbers | Severity |
rt |
| Event logged | |
dvc | <dip> | IP Address | Appliance IP address |
dvchost | <dname> | Text/String | Appliance hostname |
dvcmac | <dmac> | Numbers/Text | Appliance MAC address |
deviceExternalId | N/A | N/A | Appliance GUID |
cs1Label | N/A | N/A | Rule name label |
cs1 | <objectname> | Text/String | Rule name |
cs2Label | N/A | N/A | Affected Appliance label |
cs2 | N/A | N/A | Affected Appliance |
cs3Label | N/A | N/A | Subject Label |
cs3 | N/A | N/A | Subject |
cs4Label | N/A | N/A | Message Label |
cs4 | <subject> | Text/String | Message |