Vendor Documentation
Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Netskope: Audit Event | Base Rule | Other Audit | General Audit Message |
| Netskope : User Logon Success | Sub Rule | Authentication Success | User Logon |
| Netskope : User Logout Success | Sub Rule | Authentication Success | User Logoff |
| Netskope : User Logon Failure | Sub Rule | Authentication Failure | User Logon Failure |
| Netskope : SSO User Logon Success | Sub Rule | Authentication Success | User Logon |
| Netskope : Password Changed | Sub Rule | Account Modified | Password Modified |
| Netskope : Admin Created | Sub Rule | Account Created | User Account Created |
| Netskope : Admin Deleted | Sub Rule | Account Deleted | User Account Deleted |
| Netskope : Admin Disabled | Sub Rule | Access Revoked | Account Disabled |
| Netskope : Admin Edited | Sub Rule | Account Modified | User Account Attribute Modified |
| Netskope : Admin Enabled | Sub Rule | Access Granted | Account Enabled |
| Netskope : Admin Unlocked | Sub Rule | Access Granted | Account Unlocked |
| Netskope : Admin Settings Updated | Sub Rule | Account Modified | User Account Attribute Modified |
| Netskope : Object\Policy Created | Sub Rule | Access Success | Object Created |
| Netskope : Object\Policy Deleted | Sub Rule | Access Success | Object Deleted/Removed |
| Netskope : User Locked | Sub Rule | Access Revoked | Account Locked |
| Netskope : Object\Policy Modified | Sub Rule | Access Success | Object Modified |
| Netskope : Configuration Pushed | Sub Rule | Configuration | Configuration Loaded : System |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Device vendor | N/A | N/A |
| Device product | N/A | N/A |
| Device version | N/A | N/A |
| Device event class ID | <vmid> | Text/String |
| Event name | N/A | N/A |
| The severity of the event | <severity> | Text/String |
| SupportingData | <dip> | IP Address |
| | <account> | Text/String |
| auditLogEvent | <action> | Text/String |
| auditType | <objecttype> | Text/String |
| suser | <login> | Text/String |
| timestamp | N/A | N/A |