Audit Events (Syslog - ManageEngine PAM360)
Vendor Documentation
https://www.manageengine.com/privileged-access-management/help/integration_siemtools.html
https://www.manageengine.com/privileged-access-management/help/images/integration-siem2.png
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Audit Events | Base Rule | General Audit Message | Other Audit |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | <objecttype>:<login>:<sip> | Text/String/IP Address | ResourceAudit:LOGGED_IN_USERNAME:IPADDRESS OR UserAudit:LOGGED_IN_USERNAME:IPADDRESS |
| N/A | <action> | Text/String | OPERATION_TYPE |
| N/A | N/A | N/A | OPERATED_TIME |
| N/A | <status> | Text/String | STATUS_OF_OPERATION |
| N/A | <sname> | Text/String | PAM360_SERVER_NAME |
| N/A | <subject> | Text/String | ORG_NAME-RESOURCE_NAME:ACCOUNT_NAME:SHARED_USER:REASON OR ORG_NAME-LOGGED_IN_USERNAME:REASON |