Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Security and Compliance Center Messages | Base Rule | General Security Note | Information |
| Security and Compliance Center Error Message | Sub Rule | General Security Center Error | Error |
| Security and Compliance Center : Case Added | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Case Updated | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Case Viewed | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Hold Created | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Hold Updated | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Hold Viewed | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Search Created | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Search Previewed | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Search Removed | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Search Started | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Search Updated | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Search Viewed | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Viewed Search | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : Search Report | Sub Rule | General Security Center Information | Information |
| Security and Compliance Center : AlertTriggered | Sub Rule | Alert Manager Message | Information |
| Security and Compliance Center : AlertEntityGenera | Sub Rule | Alert Manager Message | Information |
| Security and Compliance Center : InsightGenerated | Sub Rule | Sever Generated Message | Information |

Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| TS | N/A | N/A | N/A |
| SESSID | <session> | Text/String | Session information |
| COMMAND | <command> | Text/String | Command name |
| USERTYPE | N/A | N/A | Type of user |
| USERKEY | N/A | N/A | User key information, hexadecimal value |
| WORKLOAD | <process> <vendorinfo> | Text/String | Audit log record type |
| RESULTCODE | <tag1> <result> | Text/String | Results |
| OBJECT | <object> | Text/String | Object name |
| USER | <login> | Text/String | Source user name |
| SIP | <sip> | IP Address | Source IP address |
| VERSION | <version> | Number | Version |
| ORGANIZATIONID | N/A | N/A | Organization ID |
| STARTTIME | N/A | N/A | Start time |
| CLIENTREQUESTID | N/A | N/A | Request ID information |
| CMDLETVERSION | <version> | Number | Command version |
| EFFECTIVEORGANIZATION | <domainorigin> | Text/String | N/A |
| USERSERVICEPLAN | N/A | N/A | N/A |
| CLIENTAPPLICATION | <parentprocessname> | Text/String | N/A |
| SECURITYCOMPLIANCECENTEREVENTTYPE | N/A | N/A | N/A |
| PARAMETERS | N/A | N/A | N/A |
| NONPIISPARAMETERS | N/A | N/A | N/A |
| OBJECTTYPE | <objecttype> | Text/String | N/A |
| From | <sender> | Text/String | N/A |
| Subjecttitle | <subject> | Text/String | N/A |
| F3u | <account> | Text/String | N/A |
| Sev | <severity> | Text/String | N/A |
| Name | <subject> | Text/String | N/A |