Skip to main content
Skip table of contents

Identity Logging

Vendor Documentation

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk144192

Classification

Rule NameRule TypeCommon EventClassification
Identity LoggingBase RuleGeneral User Activity Monitor EventOther Audit
Identity Logging : LogoutSub RuleUser LogoffAuthentication Success
Identity Logging : AuthCrypt FailedSub RuleAuthentication Failure ActivityAuthentication Failure
Identity Logging : AuthcryptSub RuleAuthentication ActivityAuthentication Success
Identity Logging : Control TrafficSub RuleGeneral Network TrafficNetwork Traffic
Identity Logging : LoginSub RuleUser LogonAuthentication Success

Mapping with LogRhythm Schema  

Device Key in Log Message

LogRhythm Schema

Data Type

Product<version>Text/String
origin<sender>Number/Text
Action<action>Number/Text
Action<tag1>Number/Text
ifname<sinterface>Number/Text
ifdirection<tag2>Number/Text
User<login>Number/Text
src_machine_name<sname>Number/Text
sip<sip>Number
dst_machine_name<dname>Number/Text
dst_user_name<account>Number/Text
domain_name<domainimpacted>Number/Text
termination_reason<reason>Number/Text
duration<days>Number
identity_type<objecttype>Number/Text
endpoint_ip<dip>Number
information<vendorinfo>Number/Text


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close