Catch All : State Changes And MKS Connections

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Catch All : State Changes And MKS Connections | Base Rule | Configuration Modified : System | Configuration |
| Hostd : VM_STATE_SUSP -> VM_STATE_POWERING_ON | Sub Rule | System Started | Startup and Shutdown |
| Hostd : VM_STATE_POWERING_ON -> VM_STATE_ON | Sub Rule | System Started | Startup and Shutdown |
| Hostd : VM_STATE_OFF -> VM_STATE_POWERING_ON | Sub Rule | System Started | Startup and Shutdown |
| Hostd : VM_STATE_IMMIGRATING -> VM_STATE_ON | Sub Rule | System Started | Startup and Shutdown |
| Hostd : VM_STATE_RECONFIGURING -> VM_STATE_ON | Sub Rule | System Started | Startup and Shutdown |
| Hostd : VM_STATE_POWERING_ON -> VM_STATE_OFF | Sub Rule | System Shutdown | Startup and Shutdown |
| Hostd : VM_STATE_EMIGRATING -> VM_STATE_OFF | Sub Rule | System Shutdown | Startup and Shutdown |
| Hostd : VM_STATE_ON_SHUTTING_DOWN -> VM_STATE_OFF | Sub Rule | System Shutdown | Startup and Shutdown |
| Hostd : VM_STATE_POWERING_OFF -> VM_STATE_OFF | Sub Rule | System Shutdown | Startup and Shutdown |
| Hostd : VM_STATE_ON -> VM_STATE_POWERING_OFF | Sub Rule | System Shutting Down | Startup and Shutdown |
| Hostd : VM_STATE_ON -> VM_STATE_SHUTTING_DOWN | Sub Rule | System Shutting Down | Startup and Shutdown |
| Hostd : VM_STATE_SHUTTING_DOWN -> VM_STATE_ON_SHUT | Sub Rule | System Shutting Down | Startup and Shutdown |
| Hostd : Ticket Issued For MKS Connection | Sub Rule | MKS Connection Ticket Issued | Other Audit Success |
| Hostd : VM_STATE_POWERING_ON -> VM_STATE_SUSP | Sub Rule | System Suspended | Error |
| Hostd : VM_STATE_ON -> VM_STATE_SUSPENDED | Sub Rule | System Suspended | Error |
| Hostd : VM_STATE_OFF -> VM_STATE_UNREGISTERING | Sub Rule | Session State Changed | Other Audit |
| Hostd : VM_STATE_OFF -> VM_STATE_IMMIGRATING | Sub Rule | Session State Changed | Other Audit |
| Hostd : VM_STATE_ON -> VM_STATE_EMIGRATING | Sub Rule | Session State Changed | Other Audit |
| Hostd : VM_STATE_ON -> VM_STATE_RECONFIGURING | Sub Rule | Session State Changed | Other Audit |
| Hostd : VM_STATE_ON -> VM_STATE_TOOLS_UPGRADING | Sub Rule | Upgrade Started | Information |
| Hostd : VM_STATE_DELETING -> VM_STATE_GONE | Sub Rule | Object Deleted/Removed | Access Success |
| Hostd : VM_STATE_OFF -> VM_STATE_DELETING | Sub Rule | Object Deleted/Removed | Access Success |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| object | <object> | Text/String |
| tag1 | <tag1> | Text/String |
| login | <login> | Text/String |