EVID : 2401/02/11/12/13/22/27 Update Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| EVID : 2401/02/11/12/13/22/27 Update Messages | Base Rule | Information | General Information Log Message |
| ePO - Update Successful | Sub Rule | Audit : Configuration | Software Updated |
| ePO - Update Failed | Sub Rule | Operations : Error | Software Update Failed |
| ePO - Deployment Successful | Sub Rule | Audit : Configuration | Software Installed |
| ePO - Deployment Failed | Sub Rule | Operations : Warning | Software Installation Failed |
| ePO - Agent Uninstall Attempt | Sub Rule | Audit : Configuration | Software Uninstalled |
| ePO - Policy Retrieval Failure | Sub Rule | Operations : Critical | Unknown Error |
| ePO - Property Collection Failure | Sub Rule | Operations : Warning | Extraction Error |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| AgentGUID | N/A | N/A | Unique identifier of the agent that forwarded the event. |
| MachineName | `<dname>` | Text/String | Name of the system hosting the detecting product. |
| RawMACAddress | `<dmac>` | Text/String | MAC address of the system hosting the detecting product. |
| IPAddress | `<dip>` | IP Address | IP address of the system hosting the detecting product (if given in the event). |
| AgentVersion | N/A | N/A | N/A |
| OSName | N/A | N/A | N/A |
| TimeZoneBias | N/A | N/A | N/A |
| UserName | `<account>`, `<domainimpacted>` | Text/String | N/A |
| ProductName | `<vendorinfo>` | Text/String | Name of the detecting managed product. |
| ProductVersion | `<version>` | Text/String/Number | Version number of the detecting product. |
| ProductFamily | N/A | N/A | N/A |
| EventID | `<vmid>` | Number | Unique identifier of the event class. |
| Severity | `<severity>` | Number | N/A |
| GMTTime | N/A | N/A | N/A |
| ProductID | N/A | N/A | N/A |
| Locale | N/A | N/A | N/A |
| Error | `<responsecode>` | Text/String/Number | N/A |
| Type | `<action>` | Text/String | N/A |
| Version | N/A | N/A | N/A |
| InitiatorID | N/A | N/A | N/A |
| InitiatorType | `<objecttype>` | Text/String | N/A |
| SiteName | N/A | N/A | N/A |
| Description | N/A | N/A | N/A |