Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Catch All : Level 1 | Base Rule | General Message Information | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| TS | N/A | N/A | N/A |
| SESSID | N/A | N/A | Session information |
| COMMAND | <command> | Text/String | Command name |
| USERTYPE | <objecttype> | Text/String | Type of user |
| USERKEY | N/A | N/A | User key information hexadecimal value |
| WORKLOAD | <process> <vendorinfo> | Text/String | Audit log record type |
| RESULTCODE | N/A | N/A | Results |
| OBJECT | N/A | N/A | Object name |
| USER | N/A | N/A | Source user name |
| SIP | N/A | N/A | Source IP address |
| OBJECTNAME | N/A | N/A | N/A |
| PARAMETERS | N/A | N/A | N/A |
| MODIFIEDPROPERTIES | N/A | N/A | N/A |
| EXTERNALACCESS | N/A | N/A | N/A |
| ORIGINATINGSERVER | N/A | N/A | N/A |
| ORGANIZATIONNAME | N/A | N/A | N/A |
| LOGONTYPE | N/A | N/A | N/A |
| MAILBOXOWNER | N/A | N/A | N/A |
| MAILBOXMASTER | N/A | N/A | N/A |
| LOGONUSERSID | N/A | N/A | N/A |
| LOGONUSERDISPLAYNAME | N/A | N/A | N/A |
| USERAGENT | <useragent> | Text/String | N/A |
| CLIENTIPADDRESS | N/A | N/A | N/A |
| CLIENTPROCESSNAME | N/A | N/A | N/A |
| CLIENTVERSION | N/A | N/A | N/A |
| FOLDER | N/A | N/A | N/A |
| CROSSMAILBOXOPERATIONS | N/A | N/A | N/A |
| DESTMAILBOX | N/A | N/A | N/A |
| DESTMAILBOXOWNER | N/A | N/A | N/A |
| DESTMAILBOXMASTER | N/A | N/A | N/A |
| DESTFOLDER | N/A | N/A | N/A |
| FOLDERS | N/A | N/A | N/A |
| AFFECTEDITEMS | N/A | N/A | N/A |
| ITEM | N/A | N/A | N/A |
| SENDASUSER | N/A | N/A | N/A |
| SENDONBEHALFOFUSER | N/A | N/A | N/A |