Vendor Documentation
Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Microsoft Apps Activity Messages | Base Rule | General Microsoft Exchange Server Information | Information |
| PowerApps Messages | Sub Rule | Module Loaded | Other Audit Success |
| Quarantine Messages | Sub Rule | Quarantine | Activity |
| AirInvestigation Messages | Sub Rule | General Security Alert | Warning |
| CRM Messages | Sub Rule | General Microsoft CRM Information | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| TS | N/A | N/A | N/A |
| SESSID | <session> | Text/String | Session information |
| COMMAND | <command> | Text/String | Command name |
| USERTYPE | <objecttype> | Text/String | Type of user |
| USERKEY | N/A | | User key information |
| WORKLOAD | <tag1> <vendorinfo> | Text/String | Audit log record type |
| RESULTCODE | <result> | Text/String | N/A |
| OBJECT | <object> | Text/String | Object name |
| USER | <login> | Text/String | Source user name |
| SIP | <sip> <sport> | IP Address Number | Source IP address |
| DETAILS | N/A | N/A | N/A |
| CreationTime | N/A | N/A | N/A |
| ID | N/A | N/A | N/A |
| Operation | N/A | N/A | N/A |
| OrganizationId | N/A | N/A | N/A |
| RecordType | N/A | N/A | N/A |
| ResultStatus | N/A | N/A | N/A |
| UserKey | N/A | N/A | N/A |
| UserType | N/A | N/A | N/A |
| Version | <version> | Number | N/A |
| Workload | N/A | N/A | N/A |
| UserId | N/A | N/A | N/A |
| NetworkMessageId | N/A | N/A | N/A |
| ReleaseTo | N/A | N/A | N/A |
| RequestSource | N/A | N/A | N/A |
| RequestType | N/A | N/A | N/A |
| URL | <url> | Text/String | N/A |
| Useragent | <useragent> | Text/String | N/A |
| AppName | <objectname> | Text/String | N/A |