ComputerMgmtReports Log Messages
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
ComputerMgmtReports Log Messages | Base Rule | General Application Management Information | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
N/A | <severity> | Text/String | N/A |
Category | <object> | Text/String | N/A |
REPORT_PROFILE | <objectname> | Text/String | N/A |
COMP_MGMT_TYPE | N/A | N/A | N/A |
TIME_GENERATED | N/A | N/A | N/A |
FORMAT_MESSAGE | <subject> | Text/String | N/A |
ACCOUNT_NAME | <dname> | Text/String | N/A |
ACCOUNT_DOMAIN | <domainimpacted> | Text/String | N/A |
ACCOUNT_SID | N/A | N/A | N/A |
CALLER_USER_NAME | N/A | N/A | N/A |
CALLER_USER_DOMAIN | N/A | N/A | N/A |
CALLER_LOGON_ID | N/A | N/A | N/A |
SOURCE | <login> | Text/String | N/A |
EVENT_NUMBER | N/A | N/A | N/A |
REMARKS | <reason> | Text/String | N/A |
RECORD_NUMBER | N/A | N/A | N/A |
CALLER_USER_SID | N/A | N/A | N/A |
ATTRIBUTES_TEXT | N/A | N/A | N/A |
ATTRIBUTES_NEW_VALUE | N/A | N/A | N/A |
ATTRIBUTES_OLD_VALUE | N/A | N/A | N/A |
CORRELATION_ID | N/A | N/A | N/A |
ATTRIBUTE_CATEGORY_ID | N/A | N/A | N/A |
ACCOUNT_SAM_ACCOUNT_NAME | N/A | N/A | N/A |
ACCOUNT_DISPLAY_NAME | N/A | N/A | N/A |
ACCOUNT_USER_PRINCIPAL_NAME | N/A | N/A | N/A |
ACCOUNT_USER_GUID | N/A | N/A | N/A |
ACCOUNT_DISTINGUISH_NAME | N/A | N/A | N/A |
ACCOUNT_NAME_OU_GUID | N/A | N/A | N/A |
ACCOUNT_USER_DEPARTMENT | N/A | N/A | N/A |
ACCOUNT_USER_MANAGER_NAME | N/A | N/A | N/A |
CALLER_SAM_ACCOUNT_NAME | N/A | N/A | N/A |
CALLER_DISPLAY_NAME | N/A | N/A | N/A |
CALLER_USER_PRINCIPAL_NAME | N/A | N/A | N/A |
CALLER_USER_GUID | N/A | N/A | N/A |
CALLER_DISTINGUISH_NAME | N/A | N/A | N/A |
CALLER_USER_OU_GUID | N/A | N/A | N/A |
CALLER_USER_DEPARTMENT | N/A | N/A | N/A |
CALLER_USER_MANAGER_NAME | N/A | N/A | N/A |
ATTRIBUTE_SYNTAX | N/A | N/A | N/A |
OP_APPLN_CORRELATION_ID | N/A | N/A | N/A |
OP_CORRELATION_ID | N/A | N/A | N/A |
OP_TREE_DELETE | N/A | N/A | N/A |
SOURCE_NAME | N/A | N/A | N/A |
LOG_FILE_NAME | N/A | N/A | N/A |
KEYWORDS_NAME | N/A | N/A | N/A |
TASK_CATEGORY_NAME | N/A | N/A | N/A |
TASK_CATEGORY_ID | N/A | N/A | N/A |
EXTRA_COLUMN1 | N/A | N/A | N/A |
EXTRA_COLUMN2 | N/A | N/A | N/A |
EXTRA_COLUMN3 | N/A | N/A | N/A |
EXTRA_COLUMN4 | N/A | N/A | N/A |
EXTRA_COLUMN5 | N/A | N/A | N/A |
EXTRA_COLUMN6 | N/A | N/A | N/A |
EXTRA_COLUMN7 | N/A | N/A | N/A |
EXTRA_COLUMN8 | N/A | N/A | N/A |
EXTRA_COLUMN9 | N/A | N/A | N/A |
EXTRA_COLUMN10 | N/A | N/A | N/A |
UAC_VALUE | N/A | N/A | N/A |
CONFIGURED_DOMAIN_NAME | N/A | N/A | N/A |
ACTUAL_ATTR_NEW_VALUE | N/A | N/A | N/A |
ACTUAL_ATTR_OLD_VALUE | N/A | N/A | N/A |