Kernel USB Messages
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Kernel USB Messages | Base Rule | General Device Manager Message | Information |
| USB : Configuration Chosen | Sub Rule | Configuration Information | Information |
| USB : New High Speed USB Device | Sub Rule | USB Device Enabled | Information |
| USB : New USB Device | Sub Rule | USB Device Enabled | Information |
| USB : Reset High Speed USB Device | Sub Rule | Device Reset Initiated | Information |
| USB : USB Device Disconnected | Sub Rule | USB Device Disconnected | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <severity> | Text\String |
| N/A | <dinterface> | Number |
| N/A | <dname> | Text\String |
| N/A | <serialnumber> | Number |
| N/A | <object> | Number |
| N/A | <objectname> | Text\String |
| N/A | <process> | Text\String |
| N/A | <processid> | Number |
| N/A | <command> | Text\String |
| N/A | <quantity> | Number |
| N/A | <tag1> | Text\String |