Catch All : Level 3 : Process Information
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Catch All : Level 3 : Process Information | Base Rule | General Process Information | Information |
| Session Closed : User Logout | Sub Rule | Session Closed For User | Other Audit Success |
| Session Closed : Inactivity/Errors | Sub Rule | Session Timeout | Warning |
| IP Cleanup : Read Error | Sub Rule | Cleanup Warning | Warning |
| Session Closed : Admin Termination | Sub Rule | Session Closed For User | Other Audit Success |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <vmid> | Number |
| N/A | <severity> | Text/String |
| N/A | <session> | Text/String |
| N/A | <process> | Text/String |
| N/A | <processid> | Number |
| N/A | <object> | Text/String |