Process Information
Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Process Information | Base Rule | User Process Information | Information |
| User Logout | Sub Rule | User Logoff | Authentication Success |
| User Login | Sub Rule | User Logon | Authentication Success |
| GET Info | Sub Rule | HTTP GET Method Event | Information |
| Analysis Information | Sub Rule | Analysis Complete | Information |
| Device Information | Sub Rule | Device Registered | Other Audit Success |
| Intrusion Policy Information | Sub Rule | General POLICY Information | Information |
| Object Information | Sub Rule | Object Attributes Listed | Information |
| Overview | Sub Rule | Object Attributes Listed | Information |
| Policy Information | Sub Rule | General POLICY Information | Information |
| System Information | Sub Rule | General System Information | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | String |
| N/A | <process> | String |
| N/A | <login> | String |
| N/A | <sip> | Number |
| N/A | <action> | String |
| N/A | <url> | String |
| N/A | <status> | String |
| N/A | <vmid> | Number |
| N/A | <object> | String |
| N/A | <policy> | String |