LocalLogonLogoffReports Log Messages
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
LocalLogonLogoffReports Log Messages | Base Rule | General Info Log Information | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
N/A | <severity> | Text/String | N/A |
Category | <object> | Text/String | N/A |
REPORT_PROFILE | <objectname> | Text/String | N/A |
USERNAME | <account> | Text/String | N/A |
CLIENT_IP_ADDRESS | <dip> | IP Address | N/A |
CLIENT_HOST_NAME | <dname> | Text/String | N/A |
TIME_GENERATED | N/A | N/A | N/A |
RECORD_NUMBER | N/A | N/A | N/A |
EVENT_TYPE | N/A | N/A | N/A |
EVENT_TYPE_TEXT | <status> | Text/String | N/A |
DOMAIN | <domainorigin> | Text/String | N/A |
SOURCE | <login> | Text/String | N/A |
USER_SID | <session> | Text/String | N/A |
EVENT_NUMBER | N/A | N/A | N/A |
REMARKS | <reason> | Text/String | N/A |
LOGON_ID | N/A | N/A | N/A |
LOGON_TYPE | N/A | N/A | N/A |
LOGON_TYPE_TEXT | N/A | N/A | N/A |
LOGON_PROCESS | N/A | N/A | N/A |
AUTHENTICATION_PACKAGE | N/A | N/A | N/A |
CALLER_USER_NAME | N/A | N/A | N/A |
CALLER_USER_DOMAIN | N/A | N/A | N/A |
SOURCE_PORT | <sport> | Number | N/A |
FORMAT_MESSAGE | <subject> | Text/String | N/A |
CALLER_PROCESS_ID | N/A | N/A | N/A |
CALLER_PROCESS_NAME | N/A | N/A | N/A |