Pattern 15 : CASE Updates
Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Pattern 15 : CASE Updates | Base Rule | Ops/Information | General Information |
| Starting Update | Sub Rule | Audit/Access Success | Command Executed |
| Update Not Needed | Sub Rule | Ops/Information | Update Not Needed |
| Nothing To Do | Sub Rule | Ops/Information | General Information |
| Status Update | Sub Rule | Ops/Information | Status Log |
| Update Finished | Sub Rule | Ops/Information | Update |
| Restarting Daemons | Sub Rule | Audit/Startup and Shutdown | Process/Service Restarted |
| Update Resumed | Sub Rule | Ops/Information | Update Resumed |
| Checking For Update | Sub Rule | Ops/Information | Checking For Update |
| Execute Process | Sub Rule | Audit/Access Success | Command Executed |
| Created Directory | Sub Rule | Audit/Access Success | Object Created |
| Post-Update Cleanup Started | Sub Rule | Ops/Information | Post-Update Cleanup Started |
| Post-Update Cleanup Completed | Sub Rule | Ops/Information | Post-Update Cleanup Completed |
| Execute Case Monitor | Sub Rule | Audit/Startup and Shutdown | Process/Service Started |
| Dequeue Status | Sub Rule | Ops/Information | General Information |
| Case Monitor Ping Result | Sub Rule | Ops/Network Traffic | Ping Response |
| Case Transfer Error | Sub Rule | Ops/Error | Case Transfer Error |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| | <seconds> | Number | |
| | <tag1> | Text\String | |
| | <tag2> | Text\String | |
| | <tag3> | Text\String | |