EVID 1040 & 1042 : MsiInstaller
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| EVID 1040 & 1042 : MsiInstaller | Base Rule | General Software Installation Information | Information |
| EVID 1040 : Installer Started | Sub Rule | Process/Service Started | Startup and Shutdown |
| EVID 1042 : Installer Exited | Sub Rule | Process/Service Stopped | Startup and Shutdown |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Provider name | <vendorinfo> | Text/String |
| Eventid | <vmid> | Number |
| Level | <severity> | Text/String |
| Computer | <dname> | Text/String |
| userid | <domain> | Text/String |
| N/A | <login> | Text/String |
| N/A | <process> | Text/String |
| N/A | <object> | Text/String |
| N/A | <processid> | Number |