DCMoveEventData 36999|36998
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| DCMoveEventData 36999|36998 | Base Rule | Information | General Information |
| EPO MOVE AV - Scan Started | Sub Rule | Information | Scan Started |
| EPO MOVE AV - Scan Completed | Sub Rule | Information | Scan Stopped |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| MachineName | <dname> | Text/String | Name of the system hosting the detecting product. |
| AgentGUID | N/A | N/A | Unique identifier of the agent that forwarded the event. |
| IPAddress | <dip> | IP Address | IP address of the system hosting the detecting product (if given in the event). |
| OSName | N/A | N/A | N/A |
| UserName | <domainimpacted> <account> | Text/String | N/A |
| TimeZoneBias | N/A | N/A | N/A |
| RawMACAddress | <dmac> | Text/String | MAC address of the system hosting the detecting product. |
| ProductName | <vendorinfo> | Text/String | Name of the detecting managed product. |
| ProductVersion | <version> | Text/String/Number | Version number of the detecting product. |
| ProductFamily | N/A | N/A | N/A |
| EventID | <vmid> | Number | Unique identifier of the event class. |
| Severity | <severity> | Text/String/Number | N/A |
| GMTTime | N/A | N/A | N/A |
| MOVEOpt_product_id | N/A | N/A | N/A |
| MOVEOpt_event_name | <subject> | Text/String | N/A |
| MOVEOpt_evt_id | N/A | N/A | N/A |
| MOVEOpt_evt_sink | N/A | N/A | N/A |
| MOVEOpt_time_stamp | N/A | N/A | N/A |
| MOVEOpt_server_state | N/A | N/A | N/A |
| MOVEOpt_file_name | <domainimpacted> <account> | Text/String | N/A |
| MOVEOpt_action_taken | <process> | Text/String | N/A |
| MOVEOpt_file_name | <object> | Text/String | N/A |
| MOVEOpt_action_taken | <action> | Text/String | N/A |