Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
Process Information |
Base Rule |
User Process Information |
Information |
|
User Logout |
Sub Rule |
User Logoff |
Authentication Success |
|
User Login |
Sub Rule |
User Logon |
Authentication Success |
|
GET Info |
Sub Rule |
HTTP GET Method Event |
Information |
|
Analysis Information |
Sub Rule |
Analysis Complete |
Information |
|
Device Information |
Sub Rule |
Device Registered |
Other Audit Success |
|
Intrusion Policy Information |
Sub Rule |
General POLICY Information |
Information |
|
Object Information |
Sub Rule |
Object Attributes Listed |
Information |
|
Overview |
Sub Rule |
Object Attributes Listed |
Information |
|
Policy Information |
Sub Rule |
General POLICY Information |
Information |
|
System Information |
Sub Rule |
General System Information |
Information |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|---|---|---|
|
N/A |
<severity> |
String |
|
N/A |
<process> |
String |
|
N/A |
<login> |
String |
|
N/A |
<sip> |
Number |
|
N/A |
<action> |
String |
|
N/A |
<url> |
String |
|
N/A |
<status> |
String |
|
N/A |
<vmid> |
Number |
|
N/A |
<object> |
String |
|
N/A |
<policy> |
Sting |