Pattern 1 : General Messages

Classification

| Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- |
| Pattern 1 : General Messages | Base Rule | General Information | Information |
| Firewall Drop Ping Disabled | Sub Rule | Configuration Modified : Network Access | Configuration |
| Firewall Drop Traceroute Disabled | Sub Rule | Configuration Modified : Network Access | Configuration |
| Web Server Settings: Changed | Sub Rule | Configuration Modified : System | Configuration |
| Syslog Settings: Changed | Sub Rule | Configuration Modified : System | Configuration |
| Syslog Event Export Initiated | Sub Rule | Process/Service Starting | Startup and Shutdown |
| Syslog Events Acknowledged | Sub Rule | Syslog Events Acknowledged | Information |
| Device Rebooted | Sub Rule | System Restarted | Startup and Shutdown |
| Device Halted | Sub Rule | System Shutdown | Startup and Shutdown |
| Global Network Settings: Changed | Sub Rule | Configuration Modified : System | Configuration |
| Password Change Scheduler: Disabled | Sub Rule | Configuration Modified : System | Configuration |
| Password Change Scheduler: Enabled | Sub Rule | Configuration Modified : System | Configuration |
| Password Change Initiated | Sub Rule | Configuration Modified : System | Configuration |
| Password Generation Initiated | Sub Rule | Configuration Modified : System | Configuration |
| Passwords Reverted To Initial Values | Sub Rule | Configuration Modified : System | Configuration |
| Password Change Scheduler: Modified | Sub Rule | Configuration Modified : System | Configuration |
| Connection Directory: Update Initiated | Sub Rule | Configuration Modified : System | Configuration |
| Login to Web: Successful | Sub Rule | User Logon | Authentication Success |
| Audit Report : Deleted | Sub Rule | Configuration Modified : Directory Services | Configuration |
| Audit Report : Downloaded | Sub Rule | Configuration Modified : Directory Services | Configuration |
| Audit Report : Generated From Local Log Items | Sub Rule | Configuration Modified : Directory Services | Configuration |
| LDAP User Attribute Mappings: Changed | Sub Rule | Configuration Modified : Directory Services | Configuration |
| LDAP Group Mapping: Mapping Deleted | Sub Rule | Configuration Modified : Directory Services | Configuration |
| LDAP Group Mapping: Mapping Created | Sub Rule | Configuration Modified : Directory Services | Configuration |
| LDAP Bind DN Password: Changed | Sub Rule | Configuration Modified : Directory Services | Configuration |
| LDAP: Settings Changed | Sub Rule | Configuration Modified : Directory Services | Configuration |
| IPsec Drop on OCSP Loss: Enabled | Sub Rule | Configuration Modified : System | Configuration |
| IPsec: Enabled | Sub Rule | Configuration Modified : System | Configuration |
| IPsec: Disabled | Sub Rule | Configuration Modified : System | Configuration |
| IPsec Drop on OCSP Loss: Disabled | Sub Rule | Configuration Modified : System | Configuration |
| Firmware: Update Initiated | Sub Rule | Software Updated | Configuration |
| Firewall Allow All Encrypted: Disabled | Sub Rule | Configuration Modified : System | Configuration |
| Firewall Must Be Encrypted: Enabled | Sub Rule | Configuration Modified : System | Configuration |
| Firewall Drop Traceroute: Enabled | Sub Rule | Configuration Modified : System | Configuration |
| Firewall Drop Ping: Enabled | Sub Rule | Configuration Modified : System | Configuration |
| Firewall Allow All Encrypted: Enabled | Sub Rule | Configuration Modified : System | Configuration |
| Firewall Must Be Encrypted: Disabled | Sub Rule | Configuration Modified : System | Configuration |
| Usage Policy: Changed | Sub Rule | Policy Modified : System | Policy |
| Passwords Reverted To Initial Values | Sub Rule | Configuration Modified : System | Configuration |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type |
| --- | --- | --- |
| N/A | `<vmid>` | Text\String |
| N/A | `<subject>` | Text\String |
| N/A | `<sip>` | IP Address |
| N/A | `<login>` | Text\String |
| N/A | `<tag1>` | Text\String |
| N/A | `<tag2>` | Text\String |