Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Pattern 15 : CASE Updates | Base Rule | Ops/Information | General Information |
| Starting Update | Sub Rule | Audit/Access Success | Command Executed |
| Update Not Needed | Sub Rule | Ops/Information | Update Not Needed |
| Nothing To Do | Sub Rule | Ops/Information | General Information |
| Status Update | Sub Rule | Ops/Information | Status Log |
| Update Finished | Sub Rule | Ops/Information | Update |
| Restarting Daemons | Sub Rule | Audit/Startup and Shutdown | Process/Service Restarted |
| Update Resumed | Sub Rule | Ops/Information | Update Resumed |
| Checking For Update | Sub Rule | Ops/Information | Checking For Update |
| Execute Process | Sub Rule | Audit/Access Success | Command Executed |
| Created Directory | Sub Rule | Audit/Access Success | Object Created |
| Post-Update Cleanup Started | Sub Rule | Ops/Information | Post-Update Cleanup Started |
| Post-Update Cleanup Completed | Sub Rule | Ops/Information | Post-Update Cleanup Completed |
| Execute Case Monitor | Sub Rule | Audit/Startup and Shutdown | Process/Service Started |
| Dequeue Status | Sub Rule | Ops/Information | General Information |
| Case Monitor Ping Result | Sub Rule | Ops/Network Traffic | Ping Response |
| Case Transfer Error | Sub Rule | Ops/Error | Case Transfer Error |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| <seconds> | | Number | |
| <tag1> | | Text\String | |
| <tag2> | | Text\String | |
| <tag3> | | Text\String | |