Breadcrumbs

EVID 5888-5890 : COM+ Catalog Activity (Security)

Event Details

Event Type

Audit Other Object Access Events

Event Description

  • 5888 : An object in the COM+ Catalog was modified.

  • 5889 : An object was deleted from the COM+ Catalog.

  • 5890 : An object was added to the COM+ Catalog.

Event IDs

5888, 5889, 5890

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

Log Field

LogRhythm Default

LogRhythm Default v2.0

Provider

N/A

N/A

EventID

<vmid>

<vmid>

Version

N/A

N/A

Level

N/A

<severity>

Task

N/A

<vendorinfo>

Opcode

N/A

N/A

Keywords

N/A

<result>

TimeCreated

N/A

N/A

EventRecordID

N/A

N/A

Correlation

N/A

N/A

Execution

N/A

N/A

Channel

N/A

N/A

Computer

<dname>

<dname>

SubjectUserSid

N/A

N/A

SubjectUserName

<login>

<login>

SubjectDomainName

<domain>

<domainorigin>

SubjectLogonId

N/A

<session>

ObjectCollectionName

<object>

<objecttype>

ObjectIdentifyingProperties

N/A

N/A

ModifiedObjectProperties

N/A

N/A

EventData

<tag1>

N/A

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

Regex ID

Rule Name

Rule Type

Common Event

Classification

1001448

EVID 5888 - 5890 : COM+ Catalog Activity

Base Rule

Command Executed

Access Success

EVID 5888 : COM+ Catalog Object Modified

Sub Rule

Object Modified

Access Success

EVID 5889 : COM+ Catalog Object Deleted

Sub Rule

Object Deleted/Removed

Access Success

EVID 5890 : COM+ Catalog Object Added

Sub Rule

Object Added

Access Success

LogRhythm Default v2.0

Regex ID

Rule Name

Rule Type

Common Event

Classification

1011122

V 2.0 : COM+ Events

Base Rule

Object Operation

Other Audit Success

V 2.0 : EVID 5888 : COM+ Object Modified

Sub Rule

Object Modified

Access Success

V 2.0 : EVID 5889 : COM+ Object Deleted

Sub Rule

Object Deleted/Removed

Access Success

V 2.0 : EVID 5890 : COM+ Object Added

Sub Rule

Object Modified

Access Success