Issue Log Messages
Vendor Documentation
https://docs.imperva.com/bundle/v4.2-dra-user-guide/page/Service_Account_Abuse.htm https://docs-cybersec.thalesgroup.com/bundle/v4.3-dra-user-guide/page/69851.htm |
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
Issue Log Messages | Base Rule | General Information | Information |
Database Service Account Abuse Messages | Sub Rule | Unauthorized Activity | Misuse |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
N/A | N/A | N/A | CEF: Version |
N/A | N/A | N/A | Device Vendor |
N/A | N/A | N/A | Device Product |
N/A | <version> | Text/String | Device Version |
N/A | N/A | N/A | Issue |
N/A | <objecttype> | Text/String | Name |
N/A | N/A | N/A | Severity |
src | <sip> | IP Address | N/A |
suser | <login> | Text/String | N/A |
shost | <sname> | Text/String | N/A |
dst | <dip> | IP Address | N/A |
dhost | <dname> | Text/String | N/A |
start | N/A | N/A | N/A |
msg | <subject> | Text/String | N/A |
cat | N/A | N/A | N/A |
act | <action> | Text/String | N/A |
cs1 | <url> | Text/String | N/A |
cs1Label | N/A | N/A | LinkToAlert |
cs2 | <severity> | Number | N/A |
cs2Label | N/A | N/A | SeverityScore |
cs3 | <quantity> | Number | N/A |
cs3Label | N/A | N/A | NumIncidents |
cs4 | N/A | N/A | N/A |
cs4Label | N/A | N/A | FirstIncidentTime |
cs5 | N/A | N/A | N/A |
cs5Label | N/A | N/A | LastIncidentTime |
cs6 | N/A | N/A | N/A |
cs6Label | N/A | N/A | Incidents |
cs7 | N/A | N/A | N/A |
cs7Label | N/A | N/A | Users |
cs8 | N/A | N/A | N/A |
cs8Label | N/A | N/A | Servers |
cs9 | N/A | N/A | N/A |
cs9Label | N/A | N/A | ClusterName |
cs10 | N/A | N/A | N/A |
cs10Label | N/A | N/A | ClusterMember |
cs11 | N/A | N/A | N/A |
cs11Label | N/A | N/A | SourceApp |