This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| Provider | N/A | N/A |
| EventID | <vmid> | <vmid> |
| Version | N/A | N/A |
| Level | N/A | <severity> |
| Task | N/A | <vendorinfo> |
| Opcode | N/A | N/A |
| Keywords | <tag1> | <result> |
| TimeCreated | N/A | N/A |
| EventRecordID | N/A | N/A |
| Correlation | N/A | N/A |
| Execution | N/A | N/A |
| Channel | N/A | N/A |
| Computer | <dname> | <dname> |
| TargetUserName | <account> | <account>, <tag1> |
| TargetDomainName | <sname> | <sname> |
| TargetSid | N/A | N/A |
| SubjectUserSid | N/A | N/A |
| SubjectUserName | <login> | <login> |
| SubjectDomainName | <domainimpacted> | <domainorigin> |
| SubjectLogonId | <session> | <session> |
| Event | <vendorinfo> | N/A |

Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1000627 | EVID 4740, 4767 : Account Locked Out | Base Rule | Account Locked | Access Revoked |
| | EVID 4767 : User Account Unlocked | Sub Rule | Account Unlocked | Access Granted |
| | EVID 4740 : Admin Account Locked Out | Sub Rule | Account Locked | Access Revoked |
| | EVID 4740 : User Account Locked Out | Sub Rule | Account Locked | Access Revoked |
| | EVID 4767 : Admin Account Unlocked | Sub Rule | Account Unlocked | Access Granted |

LogRhythm Default v2.0

| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1011065 | V 2.0 : EVID 4740 : User Account Lockout | Base Rule | Account Locked | Access Revoked |
| | V 2.0 : EVID 4740 : Computer Account Locked Out | Sub Rule | Account Locked | Access Revoked |