Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| PGP Client : Mount Success | Sub Rule | Information | File System Mounted |
| PGP Client : Encrypted Bytes | Sub Rule | Information | Using Encryption For Client |
| PGP Client : Item Not Found | Sub Rule | Error | Entry Not Found |
| PGP Client : Authenticated | Sub Rule | Other Audit Success | Session Authenticated |
| PGP Client : Universal Satellite Service Running | Sub Rule | Information | Running Process |
| PGP Client : Universal USP Service Running | Sub Rule | Information | Running Process |
| PGP Client : Started Encryption | Sub Rule | Information | Encryption Process Starting |
| PGP Client : Encrypted Bytes | Sub Rule | Information | Encryption Process |
| PGP Client : Resumed Encryption | Sub Rule | Information | Encryption Process |
| PGP Client : Update WDRT | Sub Rule | Information | Update Event |
| PGP Client : Status Unchanged | Sub Rule | Information | Task Status |
| PGP Client : Connection Established | Sub Rule | Network Traffic | Network Connection Established |
| PGP Client : Unknown Error | Sub Rule | Error | Unknown Error |
| PGP Client : Request UploadKey | Sub Rule | Information | Client Sending Request |
| PGP Client : Request SendLogString | Sub Rule | Information | Client Sending Request |
| PGP Client : Request SendEvent | Sub Rule | Information | Client Sending Request |
| PGP Client : Request GetWDRT | Sub Rule | Information | Client Sending Request |
| PGP Client : Request GetUpdatedTimes | Sub Rule | Information | Client Sending Request |
| PGP Client : Request GetPrefs | Sub Rule | Information | Client Sending Request |
| PGP Client : Request GetCustomizationData | Sub Rule | Information | Client Sending Request |
| PGP Client : Request GenerateKey | Sub Rule | Information | Client Sending Request |
| PGP Client : Request DownloadKey | Sub Rule | Information | Client Sending Request |
| PGP Client : Request GetNonExpiringCookie | Sub Rule | Information | Client Sending Request |
| PGP Client : Request GetLDAPUserInfo | Sub Rule | Information | Client Sending Request |
| PGP Client : Request GetKeyByKeyID | Sub Rule | Information | Client Sending Request |
| PGP Client : Request GetGranularPolicy | Sub Rule | Information | Client Sending Request |
| PGP Client : Request GetEchoVersionAvailable | Sub Rule | Information | Client Sending Request |
| PGP Client : Request GetEchoPrefs | Sub Rule | Information | Client Sending Request |
| PGP Client : Not Signed By A Trusted Certificate | Sub Rule | Warning | Client Rejected Certificate |
| PGP Client : Mount Failure | Sub Rule | Error | File System Mount Failure |
| PGP Client : FIPS Integrity Checks Disabled | Sub Rule | Information | General FIPS Message |
| PGP Client : Device Detected | Sub Rule | Information | Device Detected |
| PGP Client : Machine Detected | Sub Rule | Information | Device Detected |
| PGP Client : GetGranularPolicy | Sub Rule | Information | Policy Summary |
| Pattern 3 : PGP Client Messages | Base Rule | Information | General PGP Message |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| LOC5 | <severity> | Text/String |
| N/A | <sname> | Text/String |
| user | <dname> | Text/String |
| N/A | <account> | Text/String |
| N/A | <process> | Text/String |
| N/A | <processid> | Number |
| N/A | <object> | Text/String |
| N/A | <tag3> | Text/String |
| N/A | <sip> | Number |
| N/A | <sport> | Number |
| N/A | <login> | Text/String |
| N/A | <amount> | Number |
| N/A | <quantity> | Number |