Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Audit Record Messages | Base Rule | General Audit Messages | Information |
| Connection Trends Messages | Sub Rule | Connection Information | Information |
| User Authentication Messages | Sub Rule | General Authentication Information | Information |
| Logout Messages | Sub Rule | User Logoff | Authentication Success |
| Publish Segmentation Policy Messages | Sub Rule | General Policy | Other Audit |
| Edit Segmentation Messages | Sub Rule | General Policy | Other Audit |
| Bulk Rest Policy Messages | Sub Rule | General Policy | Other Audit |
| Create Segmentation Messages | Sub Rule | General Policy | Other Audit |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | Common Event Format identifier: default or unspecified severity level (can be replaced with specific severity levels such as 1-10). |
| N/A | N/A | N/A | Vendor or organization name. |
| N/A | N/A | N/A | Product or service name generating the event. |
| N/A | <version> | Number | Version number. |
| N/A | <vmid> | Text/String | N/A |
| N/A | <vendorinfo> | Text/String | Description |
| N/A | <severity> | Text/String | Severity level of the event. |
| request | <command> | Text/String | N/A |
| act | <action> | Text/String | N/A |
| suser | <login>@<domainorigin> | Text/String | N/A |
| msg | <subject> | Text/String | N/A |
| src | <sip> | IP Address | N/A |
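As an added example (not code from the LogRhythm documentation or the vendor), the following parser applies the mapping above to a single CEF record: the seven pipe-delimited header fields land in the header-side schema fields in table order, and the extension keys request, act, suser, msg and src are mapped to <command>, <action>, <login>@<domainorigin>, <subject> and <sip>. The vendor and product names and the sample line are constructed placeholders.

```python
import re

# Header positions in a CEF record mapped to the schema fields in the table above
# (the first entry holds the CEF version tag, the rest follow the table order).
HEADER_FIELDS = ("cef_version", "vendor", "product", "version", "vmid", "vendorinfo", "severity")
# Extension keys -> LogRhythm schema fields exactly as listed in the mapping table.
EXTENSION_MAP = {"request": "command", "act": "action", "msg": "subject", "src": "sip"}

def _split_header(line):
    """Return the seven pipe-delimited header fields and the remaining extension text.
    A backslash escapes '|' and '\\' inside header fields."""
    fields, buf, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line) and line[i + 1] in "|\\":
            buf.append(line[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(ch); i += 1
    if len(fields) < 7:
        raise ValueError("incomplete CEF header")
    return fields, line[i:]

def _unescape(value):
    # In extensions a backslash escapes '=', '\\' and the control chars \r and \n.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def _parse_extension(ext):
    """Parse 'key=value key2=value with spaces' pairs; a value runs until the next key."""
    pairs = re.finditer(r"(\w+)=(.*?)(?=\s\w+=|$)", ext.strip(), re.DOTALL)
    return {m.group(1): _unescape(m.group(2)) for m in pairs}

def map_to_schema(line):
    """Map one CEF line to the LogRhythm schema field names used on this page."""
    header, ext = _split_header(line)
    if not header[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    record = dict(zip(HEADER_FIELDS, header))
    record["cef_version"] = header[0][len("CEF:"):]
    for key, value in _parse_extension(ext).items():
        if key == "suser":  # suser is split into <login>@<domainorigin>
            record["login"], _, domain = value.partition("@")
            record["domainorigin"] = domain or None
        elif key in EXTENSION_MAP:
            record[EXTENSION_MAP[key]] = value
    return record

# Constructed sample line; vendor/product names are placeholders, not from the page.
SAMPLE = ("CEF:0|ExampleVendor|ExampleProduct|3.1|1001|Publish Segmentation Policy|5|"
          "request=/api/policy act=publish suser=jdoe@corp.example msg=Policy published src=10.0.0.5")

if __name__ == "__main__":
    for field, value in map_to_schema(SAMPLE).items():
        print(f"{field:13} {value}")
```

Keys not listed in the mapping table are ignored, and a record whose header has fewer than seven fields is rejected rather than partially mapped.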