Anomalies Audit Log Messages

https://success.skyhighsecurity.com/Skyhigh_CASB/Skyhigh_Cloud_Connector/Cloud_Connector_Integrations/Cloud_Connector_SIEM_Integration/Cloud_Connector_SIEM_Integration_Formats

Anomalies Audit Log Messages

Base Rule

General Audit Messages

Information

N/A

N/A

N/A

Format

N/A

N/A

N/A

Device Vendor

N/A

N/A

N/A

Device Product

N/A

N/A

N/A

Device Version

N/A

<vmid>

Text/String

Device Event Class ID

N/A

<vendorinfo>

Text/String

Name

N/A

N/A

N/A

Severity

start

N/A

N/A

N/A

suser

<login>, <domainorigin>

Text/String

N/A

activityName

N/A

N/A

N/A

actorIdType

N/A

N/A

N/A

classificationNames

N/A

N/A

N/A

incidentId

N/A

N/A

N/A

riskSeverity

<severity>

Text/String

N/A

incidentRiskSeverityId

N/A

N/A

N/A

informationAccountId

N/A

N/A

N/A

informationCategory

<objecttype>

Text/String

N/A

informationConfigType

<sessiontype>

Text/String

N/A

informationContentItemCreatedOn

N/A

N/A

N/A

contentItemId

N/A

N/A

N/A

contentItemName

N/A

N/A

N/A

contentItemType

N/A

N/A

N/A

informationEventId

N/A

N/A

N/A

informationHistoricalUserRiskScore

N/A

N/A

N/A

policyId

N/A

N/A

N/A

policyName

<policy>

Text/String

N/A

informationRegion

N/A

N/A

N/A

informationScanName

N/A

N/A

N/A

informationScanRunDate

N/A

N/A

N/A

instanceId

N/A

N/A

N/A

instanceName

<objectname>

Text/String

N/A

response

<result>

Text/String

N/A

serviceNames

<parentprocessname>

Text/String

N/A

significantlyUpdatedAt

N/A

N/A

N/A

status

<status>

Text/String

N/A

updatedOn

N/A

N/A

N/A