Vendor Documentation
Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Issue Log Messages | Base Rule | General Information | Information |
| Database Service Account Abuse Messages | Sub Rule | Unauthorized Activity | Misuse |
Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | CEF: Version |
| N/A | N/A | N/A | Device Vendor |
| N/A | N/A | N/A | Device Product |
| N/A | <version> | Text/String | Device Version |
| N/A | N/A | N/A | Issue |
| N/A | <objecttype> | Text/String | Name |
| N/A | N/A | N/A | Severity |
| src | <sip> | IP Address | N/A |
| suser | <login> | Text/String | N/A |
| shost | <sname> | Text/String | N/A |
| dst | <dip> | IP Address | N/A |
| dhost | <dname> | Text/String | N/A |
| start | N/A | N/A | N/A |
| msg | <subject> | Text/String | N/A |
| cat | N/A | N/A | N/A |
| act | <action> | Text/String | N/A |
| cs1 | <url> | Text/String | N/A |
| cs1Label | N/A | N/A | LinkToAlert |
| cs2 | <severity> | Number | N/A |
| cs2Label | N/A | N/A | SeverityScore |
| cs3 | <quantity> | Number | N/A |
| cs3Label | N/A | N/A | NumIncidents |
| cs4 | N/A | N/A | N/A |
| cs4Label | N/A | N/A | FirstIncidentTime |
| cs5 | N/A | N/A | N/A |
| cs5Label | N/A | N/A | LastIncidentTime |
| cs6 | N/A | N/A | N/A |
| cs6Label | N/A | N/A | Incidents |
| cs7 | N/A | N/A | N/A |
| cs7Label | N/A | N/A | Users |
| cs8 | N/A | N/A | N/A |
| cs8Label | N/A | N/A | Servers |
| cs9 | N/A | N/A | N/A |
| cs9Label | N/A | N/A | ClusterName |
| cs10 | N/A | N/A | N/A |
| cs10Label | N/A | N/A | ClusterMember |
| cs11 | N/A | N/A | N/A |
| cs11Label | N/A | N/A | SourceApp |
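The following Python script is an added example of applying the two tables above to a raw CEF line; it is not LogRhythm's parser or the device vendor's code. It splits the seven CEF header fields (honouring `\|` escapes), splits the extension into key/value pairs (honouring `\=` escapes and values with spaces), copies the keys that have a LogRhythm schema field in the mapping table, and pairs each `csN` custom string with its `csNLabel` so that values such as ClusterName and SourceApp keep their meaning even though the table assigns them no schema field. The sample line, the vendor and product names, hosts, IPs and URL in it are constructed placeholders, and the `classify` helper's assumption that the sub rule is distinguished by the Name header mentioning database service account abuse is an assumption of this example, not something the page states.

```python
"""Apply the CEF-to-LogRhythm field mapping from the table above to a log line.

Added example, not LogRhythm's or the device vendor's own code. The vendor,
product, version, URL and host/IP values in the sample line are constructed;
the sub-rule match on the Name header field in classify() is an assumption.
"""
import re

# CEF extension key -> LogRhythm schema field, for the rows in the mapping
# table that have a schema field. cs4..cs11 map to nothing and are only
# surfaced through their csNLabel pairing below.
EXT_TO_SCHEMA = {
    "src": "sip", "suser": "login", "shost": "sname",
    "dst": "dip", "dhost": "dname", "msg": "subject", "act": "action",
    "cs1": "url",        # cs1Label = LinkToAlert
    "cs2": "severity",   # cs2Label = SeverityScore  (Number)
    "cs3": "quantity",   # cs3Label = NumIncidents   (Number)
}
NUMBER_FIELDS = {"severity", "quantity"}

# Constructed sample; vendor/product/hosts/URL are placeholders, not real values.
SAMPLE = (
    "CEF:0|ExampleVendor|ExampleProduct|3.2.1|Issue|Database Service Account Abuse|8|"
    "src=10.0.0.5 suser=svc_db shost=app01 dst=10.0.0.20 dhost=db01 "
    "start=1700000000000 msg=Service account svc_db logged in interactively "
    "cat=Issue act=Alert cs1=https://console.example/alerts/42 cs1Label=LinkToAlert "
    "cs2=85 cs2Label=SeverityScore cs3=3 cs3Label=NumIncidents "
    "cs9=cluster-a cs9Label=ClusterName cs10=node-1 cs10Label=ClusterMember "
    "cs11=sqlsvc cs11Label=SourceApp"
)


def _unescape(s: str) -> str:
    """Resolve CEF escapes: a backslash before |, = or \\ yields that character; \\n and \\r yield newlines."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append({"n": "\n", "r": "\r"}.get(s[i + 1], s[i + 1]))
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def split_cef(line: str) -> tuple[list[str], str]:
    """Return the 7 header fields (Version..Severity) and the raw extension.

    A pipe escaped as backslash-pipe inside a header field does not end it.
    Pipes in the extension need no escaping, so the remainder is left untouched.
    """
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line) and line[i + 1] in "|\\":
            cur.append(line[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) < 7 or not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF line: need 'CEF:<n>' plus 7 pipe-separated header fields")
    return fields, line[i:]


# A key is an identifier followed by '=' at the start of the extension or after whitespace;
# an escaped '\=' inside a value never matches because the backslash is not a key character.
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def parse_extension(ext: str) -> dict[str, str]:
    """Split 'key=value key=value' where values may contain spaces and escapes."""
    keys = list(_KEY.finditer(ext))
    out = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    return out


def to_logrhythm(line: str) -> tuple[dict, dict[str, str]]:
    """Produce (schema fields, labelled custom strings) per the mapping table."""
    header, ext = split_cef(line)
    fields = parse_extension(ext)
    schema = {"version": header[3], "objecttype": header[5]}  # Device Version, Name
    for key, name in EXT_TO_SCHEMA.items():
        if key in fields:
            v = fields[key]
            if name in NUMBER_FIELDS:  # cs2/cs3 are typed Number in the table
                v = int(v) if v.lstrip("-").isdigit() else float(v)
            schema[name] = v
    # Custom strings only mean something next to their label: cs9=cluster-a is
    # opaque until cs9Label=ClusterName is read, so pair them by index.
    custom = {}
    for n in range(1, 12):
        val = fields.get(f"cs{n}")
        if val is not None:
            custom[fields.get(f"cs{n}Label", f"cs{n}")] = val
    return schema, custom


def classify(schema: dict) -> tuple[str, str]:
    """(Common Event, Classification) per the rule table. Assumption of this
    example: the sub rule fires when the Name header names database service
    account abuse; anything else falls through to the base rule."""
    if "database service account abuse" in schema.get("objecttype", "").lower():
        return ("Unauthorized Activity", "Misuse")
    return ("General Information", "Information")


if __name__ == "__main__":
    s, c = to_logrhythm(SAMPLE)
    print(s, c, classify(s), sep="\n")
```

Keys the table marks N/A on the LogRhythm side (`start`, `cat`, and the bare `cs4`..`cs11` values) are deliberately not promoted to schema fields; they remain reachable only through the labelled `custom` dictionary, which is where a practitioner would look for ClusterName, ClusterMember and SourceApp when tuning the sub rule.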