Child Process Ingress Event
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Child Process Ingress Event | Base Rule | Process/Service Startup Or Shutdown Activity | Startup and Shutdown |
| Child Process Ingress Event : Created | Sub Rule | Process/Service Started | Startup and Shutdown |
| Child Process Ingress Event : Not Created | Sub Rule | Unsuccessful Activity | Other Audit Failure |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| vmid | <vmid> | Text/String |
| computer_name | <dname> | Text/String |
| created | <tag1> | Text/String |
| md5 | <objectname> <hash> | Text/String |
| pid | <processid> | Number |