Security and Compliance Center Messages
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Security and Compliance Center Messages | Base Rule | General Security Note | Information |
| Security and Compliance Center Error Message | Sub Rule | General Security Center Error | Error |
| Security and Compliance Center : Case Added | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Case Updated | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Case Viewed | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Hold Created | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Hold Updated | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Hold Viewed | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Search Created | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Search Previewed | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Search Removed | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Search Started | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Search Updated | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Search Viewed | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Viewed Search | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Search Report | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : AlertTriggered | Sub Rule | Alert Manager Message | Information |
| Security and Compliance Center : AlertEntityGenera | Sub Rule | Alert Manager Message | Information |
| Security and Compliance Center : InsightGenerated | Sub Rule | Sever Generated Message | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| TS | N/A | N/A | N/A |
| SESSID | <session> | Text/String | Session information |
| COMMAND | <command> | Text/String | Command name |
| USERTYPE | N/A | N/A | Type of user |
| USERKEY | N/A | N/A | User key information (hexadecimal value) |
| WORKLOAD | <process> <vendorinfo> | Text/String | Audit log record type |
| RESULTCODE | <tag1> <result> | Text/String | Results |
| OBJECT | <object> | Text/String | Object name |
| USER | <login> <domain> | Text/String | Source user name |
| SIP | <sip> | IP Address | Source IP address |
| VERSION | <version> | Number | Version |
| ORGANIZATIONID | N/A | N/A | Organization ID |
| STARTTIME | N/A | N/A | Start time |
| CLIENTREQUESTID | N/A | N/A | Request ID information |
| CMDLETVERSION | <version> | Number | Command version |
| EFFECTIVEORGANIZATION | <domainorigin> | Text/String | N/A |
| USERSERVICEPLAN | N/A | N/A | N/A |
| CLIENTAPPLICATION | <parentprocessname> | Text/String | N/A |
| SECURITYCOMPLIANCECENTEREVENTTYPE | N/A | N/A | N/A |
| PARAMETERS | N/A | N/A | N/A |
| NONPIISPARAMETERS | N/A | N/A | N/A |
| OBJECTTYPE | <objecttype> | Text/String | N/A |
| From | <sender> | Text/String | N/A |
| Subjecttitle | <subject> | Text/String | N/A |
| F3u | <account> | Text/String | N/A |
| Sev | <severity> | Text/String | N/A |
| Name | <subject> | Text/String | N/A |