MS Windows Log Messages
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| MS Windows Log Messages | Base Rule | Windows Informational Event | Information |
| EVID 64 : Windows Certificate Messages | Sub Rule | Windows Warning Event | Warning |
| EVID 257 : Defrag Messages | Sub Rule | General O&O Defrag Error | Error |
| EVID 258 : Defarg Information | Sub Rule | General O&O Defrag Information | Information |
| EVID 1008 : Perflib Event Message | Sub Rule | General Perflib Error | Error |
| EVID 4005 : Logon Process Terminated | Sub Rule | General Winlogon Information | Information |
| EVID 6000 : Winlogon Information | Sub Rule | General Winlogon Information | Information |
| EVID 6003 : Winlogon Information Messages | Sub Rule | General Winlogon Information | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Name | <vendorinfo> | Text/String |
| Eventid | <vmid> | Number |
| Level | <severity> | Text/String |
| Computer | <dname> | Text/String |
| ThreadID | <session> | Number |
| N/A | <process> | Text/String |
| ProcessID | <processid> | Number |
| N/A | <object> | Text/String |
| N/A | <objectname> | Text/String |
| N/A | <subject> | Text/String |
| Version | <version> | Number |
| N/A | <useragent> | Text/String |