Catch All : Level 1 2
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Catch All : Level 1 | Base Rule | General Message Information | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| TS | N/A | N/A | N/A |
| SESSID | N/A | N/A | Session information |
| COMMAND | <command> | Text/String | Command name |
| USERTYPE | <objecttype> | Text/String | Type of user |
| USERKEY | N/A | N/A | User key information (hexadecimal value) |
| WORKLOAD | <process> <vendorinfo> | Text/String | Audit log record type |
| RESULTCODE | N/A | N/A | Results |
| OBJECT | N/A | N/A | Object name |
| USER | N/A | N/A | Source user name |
| SIP | N/A | N/A | Source IP address |
| OBJECTNAME | N/A | N/A | N/A |
| PARAMETERS | N/A | N/A | N/A |
| MODIFIEDPROPERTIES | N/A | N/A | N/A |
| EXTERNALACCESS | N/A | N/A | N/A |
| ORIGINATINGSERVER | N/A | N/A | N/A |
| ORGANIZATIONNAME | N/A | N/A | N/A |
| LOGONTYPE | N/A | N/A | N/A |
| MAILBOXOWNER | N/A | N/A | N/A |
| MAILBOXMASTER | N/A | N/A | N/A |
| LOGONUSERSID | N/A | N/A | N/A |
| LOGONUSERDISPLAYNAME | N/A | N/A | N/A |
| USERAGENT | <useragent> | Text/String | N/A |
| CLIENTIPADDRESS | N/A | N/A | N/A |
| CLIENTPROCESSNAME | N/A | N/A | N/A |
| CLIENTVERSION | N/A | N/A | N/A |
| FOLDER | N/A | N/A | N/A |
| CROSSMAILBOXOPERATIONS | N/A | N/A | N/A |
| DESTMAILBOX | N/A | N/A | N/A |
| DESTMAILBOXOWNER | N/A | N/A | N/A |
| DESTMAILBOXMASTER | N/A | N/A | N/A |
| DESTFOLDER | N/A | N/A | N/A |
| FOLDERS | N/A | N/A | N/A |
| AFFECTEDITEMS | N/A | N/A | N/A |
| ITEM | N/A | N/A | N/A |
| SENDASUSER | N/A | N/A | N/A |
| SENDONBEHALFOFUSER | N/A | N/A | N/A |