Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|---|---|---|---|
|
Object Access Logs |
Base Rule |
Operations : Informations |
Connection Information |
|
Object Added |
Sub Rule |
Access Success |
Object Added |
|
Object Deleted |
Sub Rule |
Access Success |
Object Deleted/Removed |
|
Object Modified |
Sub Rule |
Access Success |
Object Modified |
|
Object Bind Information |
Sub Rule |
Information |
Bind Information |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|---|---|---|
|
LOC4: |
<tag1> |
Text/String |
|
Oct 10 16:59:06 |
<dname> |
Text/String |
|
N/A |
<process> |
Text/String |
|
conn |
<session> |
Number |
|
op=160 |
<tag4> |
Text/String |
|
uid |
<login> |
Text/String |
|
dc |
<domainorigin> |
Text/String |
|
uid |
<account> |
Text/String |
|
attr |
<object> |
Text/String |