Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Audit Events | Base Rule | General Audit Message | Other Audit |
| External Storage Status For Session Recording | Sub Rule | General Removable Storage Service Information | Information |
| File Downloaded | Sub Rule | File Download | Information |
| File Uploaded | Sub Rule | File Uploaded | Information |
| Gateway Settings Modified | Sub Rule | Configuration Modified : Network Access | Configuration |
| Harmful Content Entered | Sub Rule | Threat Blocked | Failed Activity |
| Microsoft Authenticator Setup | Sub Rule | General Setup Information | Information |
| Node Offline | Sub Rule | Port Offline | Network Traffic |
| Node Online | Sub Rule | Port Online | Network Traffic |
| Password Entered | Sub Rule | Password Entry | Other Audit |
| Password Expired | Sub Rule | LOGIN_PASSWORD_EXPIRED | Information |
| Password Out Of Sync | Sub Rule | Data Out Of Sync | Error |
| Password Retrieved | Sub Rule | Object Read | Access Success |
| Password Verification Failed | Sub Rule | User Logon Failure : Bad Password | Authentication Failure |
| Password Verified | Sub Rule | Authentication Activity | Authentication Success |
| Password Violated | Sub Rule | Password Entry | Other Audit |
| Query Report Created | Sub Rule | Report Generation | Information |
| Read Only Share Given | Sub Rule | Access Granted Activity | Access Granted |
| Read_Only_Share_Revoked | Sub Rule | Access Revoked Activity | Access Revoked |
| Resource Added | Sub Rule | Object Added | Access Success |
| Resource Group Modified | Sub Rule | Object Modified | Access Success |
| Resource Modified | Sub Rule | Object Modified | Access Success |
| Resource Personal Data Viewed | Sub Rule | Object Read | Access Success |
| Schedule Created | Sub Rule | Scheduled Task Created | Information |
| Session Ended | Sub Rule | Session Ended | Information |
| Session Started | Sub Rule | Session Started | Other Audit Success |
| Unauthorized Access | Sub Rule | Failed Unauthorized Activity | Failed Misuse |
| User Authentication Failed | Sub Rule | User Logon Failure | Authentication Failure |
| User Imported From Active Directory | Sub Rule | General Active Directory Information | Information |
| User Logged In AD | Sub Rule | User Logon | Authentication Success |
| User Logged In PAM360 | Sub Rule | User Logon | Authentication Success |
| User Logged Out | Sub Rule | User Logoff | Authentication Success |
| User Modified | Sub Rule | User Account Attribute Modified | Account Modified |
| User Personal Data Viewed | Sub Rule | Object Read | Access Success |
| User Trust Score | Sub Rule | General User Information | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | <objecttype>:<login>:<sip> | Text/String/IP Address | ResourceAudit:LOGGED_IN_USERNAME:IPADDRESS OR UserAudit:LOGGED_IN_USERNAME:IPADDRESS |
| N/A | <action>, <tag1> | Text/String | OPERATION_TYPE |
| N/A | N/A | N/A | OPERATED_TIME |
| N/A | <status>, <tag2> | Text/String | STATUS_OF_OPERATION |
| N/A | <sname> | Text/String | PAM360_SERVER_NAME |
| N/A | <subject> | Text/String | ORG_NAME-RESOURCE_NAME:ACCOUNT_NAME:SHARED_USER:REASON OR ORG_NAME-LOGGED_IN_USERNAME:REASON |