Pattern 27 : Group Policy Message

Classification

Rule Name	Rule Type	Common Event	Classification
Pattern 27 : Group Policy Message	Base Rule	General POLICY Information	Information
Accumulating Settings From GPOs	Sub Rule	Policy Created : Domain	Policy
Applying Settings Changes	Sub Rule	Policy Modified : Domain	Policy
Updating VGP From Policy	Sub Rule	Policy Modified : Domain	Policy
VGP Apply Policy	Sub Rule	Policy Enabled : Domain	Policy
Sending User Account Information	Sub Rule	Sending Request	Information
Removed Existing ADM Policy Settings	Sub Rule	Policy Modified : Domain	Policy
Group Policy Host Information	Sub Rule	Host Description	Information
Empty Group Policy Log	Sub Rule	General POLICY Information	Information
GUID Information	Sub Rule	Instance Information	Information
MS Outlook Information	Sub Rule	General Outlook Information	Information

Mapping with LogRhythm Schema  

Device Key in Log Message	LogRhythm Schema	Data Type
N/A	<sname>	Text\String
N/A	<dname>	Text\String
N/A	<sport>	Number
N/A	<object>	Text\String
N/A	<tag2>	Text\String
N/A	<tag1>	Text\String

×