LogonReports Log Messages
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| LogonReports Log Messages | Base Rule | User Logon | Authentication Success |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | <severity> | Text/String | N/A |
| Category | <object> | Text/String | N/A |
| REPORT_PROFILE | <objectname> | Text/String | N/A |
| USERNAME | <account> | Text/String | N/A |
| CLIENT_IP_ADDRESS | <dip> | IP Address | N/A |
| CLIENT_HOST_NAME | <dname> | Text/String | N/A |
| TIME_GENERATED | N/A | N/A | N/A |
| RECORD_NUMBER | N/A | N/A | N/A |
| EVENT_TYPE | N/A | N/A | N/A |
| EVENT_TYPE_TEXT | <status> | Text/String | N/A |
| DOMAIN | <domainorigin> | Text/String | N/A |
| SOURCE | <login> | Text/String | N/A |
| LOGON_SERVICE | N/A | N/A | N/A |
| USER_SID | <session> | Text/String | N/A |
| ERROR_CODE | <responsecode> | Number | N/A |
| ERROR_CODE_TEXT | <objecttype> | Text/String | N/A |
| EVENT_NUMBER | N/A | N/A | N/A |
| REMARKS | <reason> | Text/String | N/A |