Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
General PCI Information |
Base Rule |
General PCI Information |
Information |
|
Failed PCI Command |
Sub Rule |
Failed Process Start |
Error |
|
Successful PCI Command |
Sub Rule |
Successful Activity |
Other Audit Success |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|---|---|---|
|
success |
<tag1> |
Text/String |
|
items |
<itemsin> |
Number/Text |
|
pid |
<process> |
Number/Text |
|
auid |
<account> |
Number/Text |
|
gid |
<group> |
Text/String |
|
ses |
<session> |
Text/String |
|
comm |
<object> |
Text/String |
|
key |
<tag2> |
Text/String |