client_ip_host
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Audit | Base Rule | General Audit Message | Other Audit |
| Audit : Secret Changed | Sub Rule | Password Modified | Account Modified |
| Audit : Policy Published | Sub Rule | Policy Created : Firewall/ACL | Policy |
| Audit : Rule Modified | Sub Rule | Object Modified | Access Success |
| Audit : Object Modified | Sub Rule | Object Modified | Access Success |
| Audit : Policy Installed | Sub Rule | Policy Created : Firewall/ACL | Policy |
| Audit : File Retrieved | Sub Rule | Object Accessed | Access Success |
| Audit : Rule Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Audit : Object Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| Audit : Section Created | Sub Rule | Object Modified | Access Success |
| Audit : Rule Created | Sub Rule | Object Created | Access Success |
| Audit : Create Object | Sub Rule | Object Created | Access Success |
| Audit : Log Out | Sub Rule | User Logoff | Authentication Success |
| Audit : Log In | Sub Rule | User Logon | Authentication Success |
| Audit : Application Control & URL Filtering Update | Sub Rule | Signatures Updated | Configuration |
| Audit : Initialize SIC Certificate | Sub Rule | Certificate Authorization Registered | Other Audit Success |
| Audit : Revoke SIC Certificate | Sub Rule | Trust Relationship Revoked | Access Revoked |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Product | <version> | Number/Text |
| origin | <sender> | Number/Text |
| operation | <action> | Number/Text |
| operation | <tag1> | Number/Text |
| subject | <vendorinfo> | Number/Text |
| status | <status> | Text/String |
| administrator | <login> | Number/Text |
| client | <dip> | Number |
| client | <dname> | Number/Text |
| generalinformation | <vendorinfo> | Number/Text |
| objecttype | <objecttype> | Number/Text |