EVID 40702 - Endpoint Task Started
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
EVID 40702 - Endpoint Task Started | Base Rule | Information | Scheduled Task Started |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
N/A | N/A | N/A | N/A |
MachineName | N/A | N/A | Name of the system hosting the detecting product. |
AgentGUID | N/A | N/A | Unique identifier of the agent that forwarded the event. |
IPAddress | <dip> | IP Address | IP address of the system hosting the detecting product (if given in the event). |
RawMACAddress | <dmac> | Text/String/Number | MAC address of the system hosting the detecting product. |
AgentVersion | N/A | N/A | N/A |
OSName | N/A | N/A | N/A |
TimeZoneBias | N/A | N/A | N/A |
TargetUserName | <account> | Text/String | The threat source user name or email address. |
ProductName | <vendorinfo> | Text/String | Name of the detecting managed product. |
ProductVersion | <version> | Text/String/Number | Version number of the detecting product. |
ProductFamily | N/A | N/A | N/A |
Analyzer | N/A | N/A | N/A |
EventID | <vmid> | Number | Unique identifier of the event class. |
Severity | <severity> | Number | N/A |
GMTTime | N/A | N/A | N/A |
LocalTime | N/A | N/A | N/A |
AnalyzerName | N/A | N/A | Name of the detecting managed product. |
AnalyzerVersion | N/A | N/A | Version number of the detecting product. |
ThreatActionTaken | <action> | Text/String | The action taken by the product in response to the threat. |
ThreatCategory | <subject> | Text/String | Category of the event. Possible categories depend on the product. |
ThreatName | <threatname> | Text/String | Name of the threat. |
ThreatType | N/A | N/A | Class of the threat. |