Skip to main content
Skip table of contents

Audit

client_ip_host

Vendor Documentation

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk144192

Classification

Rule NameRule TypeCommon EventClassification
AuditBase RuleGeneral Audit MessageOther Audit
Audit : Secret ChangedSub RulePassword ModifiedAccount Modified
Audit : Policy PublishedSub RulePolicy Created : Firewall/ACLPolicy
Audit : Rule ModifiedSub RuleObject ModifiedAccess Success
Audit : Object ModifiedSub RuleObject ModifiedAccess Success
Audit : Policy InstalledSub RulePolicy Created : Firewall/ACLPolicy
Audit : File RetrievedSub RuleObject AccessedAccess Success
Audit : Rule DeletedSub RuleObject Deleted/RemovedAccess Success
Audit : Object DeletedSub RuleObject Deleted/RemovedAccess Success
Audit : Section CreatedSub RuleObject ModifiedAccess Success
Audit : Rule CreatedSub RuleObject CreatedAccess Success
Audit : Create ObjectSub RuleObject CreatedAccess Success
Audit : Log OutSub RuleUser LogoffAuthentication Success
Audit : Log InSub RuleUser LogonAuthentication Success
Audit : Application Control & URL Filtering UpdateSub RuleSignatures UpdatedConfiguration
Audit : Initialize SIC CertificateSub RuleCertificate Authorization RegisteredOther Audit Success
Audit : Revoke SIC CertificateSub RuleTrust Relationship RevokedAccess Revoked

Mapping with LogRhythm Schema  

Device Key in Log Message

LogRhythm Schema

Data Type

Product<version>Number/Text
origin<sender>Number/Text
operation<action>Number/Text
operation<tag1>Number/Text
subject<vendorinfo>Number/Text
status<status>Text/String
administrator<login>Number/Text
client<dip>Number
client<dname>Number/Text
generalinformation<vendorinfo>Number/Text
objecttype<objecttype>Number/Text


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close