Vendor Documentation
Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Pattern 18 : Spam Quarantine | Base Rule | Ops/Information | General Information |
| Vacuumed Messages Elapsed | Sub Rule | Ops/Information | Vacuumed Messages Elapsed |
| Vacuum Finished | Sub Rule | Ops/Information | Vacuum Finished |
| Inactive Users Purged | Sub Rule | Ops/Information | Inactive Users Purged |
| Vacuum Started | Sub Rule | Audit/Startup and Shutdown | Process/Service Started |
| Task Ended | Sub Rule | Audit/Other | Task Ended |
| User Purge Completed | Sub Rule | Ops/Information | User Purge Completed |
| Task Started | Sub Rule | Audit/Startup and Shutdown | Process/Service Started |
| Scheduled Task Created | Sub Rule | Audit/Configuration | Configuration Enabled : System |
| Index Not Used | Sub Rule | Ops/Information | Index Not Used |
| Expired Message Purged | Sub Rule | Ops/Information | Expired Message Purged |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
|  | <process> | Text\String |  |
|  | <object> | Text\String |  |
|  | <seconds> | Number |  |
|  | <milliseconds> | Number |  |
|  | <quantity> | Number |  |
|  | <tag1> | Text\String |  |
|  | <tag2> | Text\String |  |