Breadcrumbs

Database Log Messages (Syslog - Imperva Data Risk Analytics CEF)

Vendor Documentation

Classification

Rule Name

Rule Type

Common Event

Classification

Database Log Messages

Base Rule

Database Information

Information

Database Service Account Abuse Messages

Sub Rule

Unauthorized Activity

Misuse

Excessive Database Record Access Messages

Sub Rule

Database Update Event

Information

Excessive Failed Logins From Application Server

Sub Rule

User Logon Failure

Authentication Failure

Suspicious Application Data Access Messages

Sub Rule

Suspicious Activity

Suspicious

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

N/A

N/A

N/A

CEF: Version

N/A

N/A

N/A

Device Vendor

N/A

N/A

N/A

Device Product

N/A

<version>

Text/String

Device Version

N/A

N/A

N/A

Database

N/A

<vmid>

Number

Device Event Class ID

N/A

<objecttype>
<tag1>

Text/String

Name

N/A

N/A

N/A

Severity

suser

<login>

Text/String

N/A

src

<sip>

IP Address

N/A

shost

<sname>

Text/String

N/A

dst

<dip>

IP Address

N/A

dhost

<dname>

Text/String

N/A

start

N/A

N/A

N/A

msg

<subject>

Text/String

N/A

cat

N/A

N/A

N/A

act

N/A

N/A

N/A

cs1

<url>

Text/String

N/A

cs1Label

N/A

N/A

LinkToAlert

cs2

<account>

Text/String

N/A

cs2Label

N/A

N/A

destinationAccount

cs3

N/A

N/A

N/A

cs3Label

N/A

N/A

Destination

cs4

N/A

N/A

N/A

cs4Label

N/A

N/A

AccessedTables

cs5

<quantity>

Number

N/A

cs5Label

N/A

N/A

NumOfAccessedObjects

cs6

<action>

Text/String

N/A

cs6Label

N/A

N/A

UserAction

cs7

N/A

N/A

N/A

cs7Label

N/A

N/A

AdditionalSrcUsers

cs8

N/A

N/A

N/A

cs8Label

N/A

N/A

AdditionalSrcIps

cs9

N/A

N/A

N/A

cs9Label

N/A

N/A

AdditionalSrcHosts

cs10

N/A

N/A

N/A

cs10Label

N/A

N/A

AdditionalDstIps

cs11

N/A

N/A

N/A

cs11Label

N/A

N/A

AdditionalDstHosts

cs12

<severity>

Number

N/A

cs12Label

N/A

N/A

SeverityScore

cs13

N/A

N/A

N/A

cs13Label

N/A

N/A

ClusterName

cs14

N/A

N/A

N/A

cs14Label

N/A

N/A

ClusterMemberName

cs15

N/A

N/A

N/A

cs15Label

N/A

N/A

AdditionalClusterNames

cs16

N/A

N/A

N/A

cs16Label

N/A

N/A

AdditionalClusterMemberNames

cs17

N/A

N/A

N/A

cs17Label

N/A

N/A

SourceApp

cs18

N/A

N/A

N/A

cs18Label

N/A

N/A

AdditionalSourceApps

cs19

N/A

N/A

N/A

cs19Label

N/A

N/A

DestinationType

cs20

<sessiontype>

Text/String

N/A

cs20Label

N/A

N/A

ActionType

cs21

N/A

N/A

N/A

cs21Label

N/A

N/A

SecureSphereInfo