This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| Provider | N/A | N/A |
| EventID | <vmid> | <vmid> |
| Version | N/A | N/A |
| Level | N/A | <severity> |
| Task | N/A | <vendorinfo> |
| Opcode | N/A | N/A |
| Keywords | N/A | <result> |
| TimeCreated | N/A | N/A |
| EventRecordID | N/A | N/A |
| Correlation | N/A | N/A |
| Execution | N/A | N/A |
| Channel | N/A | N/A |
| Computer | <dname> | <dname> |
| SubjectUserSid | N/A | N/A |
| SubjectUserName | <login> | <login> |
| SubjectDomainName | <domain> | <domainorigin> |
| SubjectLogonId | N/A | <session> |
| ObjectCollectionName | <object> | <objecttype> |
| ObjectIdentifyingProperties | N/A | N/A |
| ModifiedObjectProperties | N/A | N/A |
| EventData | <tag1> | N/A |
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1001448 | EVID 5888 - 5890 : COM+ Catalog Activity | Base Rule | Command Executed | Access Success |
| | EVID 5888 : COM+ Catalog Object Modified | Sub Rule | Object Modified | Access Success |
| | EVID 5889 : COM+ Catalog Object Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| | EVID 5890 : COM+ Catalog Object Added | Sub Rule | Object Added | Access Success |
LogRhythm Default v2.0
| Regex ID | Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|---|
| 1011122 | V 2.0 : COM+ Events | Base Rule | Object Operation | Other Audit Success |
| | V 2.0 : EVID 5888 : COM+ Object Modified | Sub Rule | Object Modified | Access Success |
| | V 2.0 : EVID 5889 : COM+ Object Deleted | Sub Rule | Object Deleted/Removed | Access Success |
| | V 2.0 : EVID 5890 : COM+ Object Added | Sub Rule | Object Modified | Access Success |