Audit Record Messages
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
Audit Record Messages | Base Rule | General Audit Messages | Information |
Connection Trends Messages | Sub Rule | Connection Information | Information |
User Authentication Messages | Sub Rule | General Authentication Information | Information |
Logout Messages | Sub Rule | User Logoff | Authentication Success |
Publish Segmentation Policy Messages | Sub Rule | General Policy | Other Audit |
Edit Segmentation Messages | Sub Rule | General Policy | Other Audit |
Bulk Rest Policy Messages | Sub Rule | General Policy | Other Audit |
Create Segmentation Messages | Sub Rule | General Policy | Other Audit |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
N/A | N/A | N/A | Common Event Format identifier: Default or unspecified severity level (can be replaced with specific severity levels such as 1-10). |
N/A | N/A | N/A | Vendor or organization name. |
N/A | N/A | N/A | Product or service name generating the event. |
N/A | <version> | Number | Version number. |
N/A | <vmid> | Text/String | N/A |
N/A | <vendorinfo> | Text/String | Description |
N/A | <severity> | Text/String | Severity level of the event. |
request | <command> | Text/String | N/A |
act | <action> | Text/String | N/A |
suser | <login>@<domainorigin> | Text/String | N/A |
msg | <subject> | Text/String | N/A |
src | <sip> | IP Address | N/A |