Pattern 11 : TaskManager : Task Manager Messages
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Pattern 11 : TaskManager : Task Manager Messages | Base Rule | General Information | Information |
| haTask-ha-host-vim.DiagnosticManager.browse | Sub Rule | Process/Service Started | Startup and Shutdown |
| haTask-ha-host-vim.DiagnosticManager.browse | Sub Rule | Task Completed | Information |
| haTask-16-vim.VirtualMachine.powerOff Started | Sub Rule | Process/Service Started | Startup and Shutdown |
| haTask-16-vim.VirtualMachine.powerOff Completed | Sub Rule | System Shutdown | Startup and Shutdown |
| haTask-16-vim.VirtualMachine.powerOn Completed | Sub Rule | System Started | Startup and Shutdown |
| haTask-16-vim.VirtualMachine.powerOn Created | Sub Rule | Virtual Machine Startup Task Created | Information |
| haTask-ha-host-vim.option.OptionManager Created | Sub Rule | Process/Service Started | Startup and Shutdown |
| haTask-ha-host-vim.option.OptionManager Completed | Sub Rule | Task Completed | Information |
| TaskManager : General Task Completed | Sub Rule | Task Completed | Information |
| TaskManager : General Task Created | Sub Rule | Task Completed | Information |
| haTask-ha-folder-root-vim.host.LclAcctmgr.CrtUsr | Sub Rule | User Account Created | Account Created |
| haTask-ha-folder-root-vim.host.LclAcctMgr.RmvUsr | Sub Rule | User Account Deleted | Account Deleted |
| haTask-ha-host-vim.HostSystem.reboot | Sub Rule | System Reboot Task Created | Information |
| haTask-ha-host-vim.HostSystem.reboot | Sub Rule | System Restarted | Startup and Shutdown |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Process | <process> | Text/String |
| Tag1 | <tag1> | Text/String |
| Tag2 | <tag2> | Text/String |
| Vmid | <vmid> | Text/String |