Gatekeeper Syslog Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Gatekeeper Syslog Messages | Base Rule | General Warning | Warning |
| Timeout Expired Messages | Sub Rule | User Timed Out And Disconnected | Warning |
| User Added Messages | Sub Rule | Host Information Added | Information |
| Bad User ID Messages | Sub Rule | User Logon Failure : Bad Username | Authentication Failure |
| Created Policy Messages | Sub Rule | Policy Created : User/Password | Policy |
| Download Messages | Sub Rule | Object Downloaded | Access Success |
| GIT Server Updated Messages | Sub Rule | General Windows Server Update Services Information | Information |
| Log Records Messages | Sub Rule | General Information Log Message | Information |
| Login Successful Messages | Sub Rule | Info : LOGIN_INFORMATION | Information |
| Logout Messages | Sub Rule | Logout Request | Information |
| Port Scan Messages | Sub Rule | Port Scan | Reconnaissance |
| Administration Section Messages | Sub Rule | General Administration Event | Other Audit |
| Configuration Section Messages | Sub Rule | Configuration Information | Information |
| Unauthorized Access Messages | Sub Rule | Unauthorized Activity | Misuse |
| User Update Messages | Sub Rule | Updated User Data | Information |
| Updated Policy Messages | Sub Rule | Policy Modified : Object | Policy |
| Uploaded Object Messages | Sub Rule | File Uploaded | Information |
| Login Timeout Messages | Sub Rule | Info : LOGIN_TIMED_OUT | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| severity | <severity> | Text/String |
| processid | <processid> | Number |
| Private IP | <sip> | IP Address |
| Nat/Proxy IP | <snatip> | IP Address |
| user | <login> | Text/String |
| Transaction | <action> | Text/String |
| Address | <dip> | IP Address |
| Device Name: | <sname> | Text/String |
| User Group | <group> | Text/String |
| Port | <sport> | Number |
| Access/Protocol | <protname> | Number |
| Details | <subject> | Text/String |
| N/A | <tag1> | Text/String |
| Services | <useragent> | Text/String |
| object | <object> | Text/String |
| kilobytes | <kilobytes> | Number |
| url | <url> | Text/String |
| dname | <dname> | Text/String |
| dc | <domainorigin> | Text/String |
| policy | <policy> | Text/String |