Netskope : Legal Hold Event
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Base Rule | Information | General Information Log Message |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Device Vendor | N/A | N/A |
| Device Product | N/A | N/A |
| Device Version | N/A | N/A |
| Device Event Class ID | <vmid> | Text/String |
| Name of the event | N/A | N/A |
| Severity of the event | <severity> | Text/String |
| accessMethod | N/A | N/A |
| appcategory | <subject> | Text/String |
| browser | N/A | N/A |
| cci | N/A | N/A |
| ccl | N/A | N/A |
| device | N/A | N/A |
| dlpProfile | N/A | N/A |
| instanceId | N/A | N/A |
| lhCustodianEmail | N/A | N/A |
| lhDestApp | N/A | N/A |
| lhDestInstance | N/A | N/A |
| lhFilePath | N/A | N/A |
| lhInstance | N/A | N/A |
| lhModified | N/A | N/A |
| lhOriginalFilename | N/A | N/A |
| lhProfileName | N/A | N/A |
| lhShared | N/A | N/A |
| md5 | <hash> | Text/String |
| mimeType | N/A | N/A |
| object | <object> | Text/String |
| os | N/A | N/A |
| policy | <policy> | Text/String |
| requestClientApplication | N/A | N/A |
| sourceServiceName | <process> | Text/String |
| suser | <login> | Text/String |
| timestamp | N/A | N/A |