ServerAuditReports Log Messages

Vendor Documentation

https://demo.adauditplus.com/help/index.html

Classification

Rule Name	Rule Type	Common Event	Classification
ServerAuditReports Log Messages	Base Rule	General Audit Messages	Information

Mapping with LogRhythm Schema

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
N/A	<severity>	Text/String	N/A
Category	<object>	Text/String	N/A
REPORT_PROFILE	<objectname>	Text/String	N/A
TIME_GENERATED	N/A	N/A	N/A
RECORD_NUMBER	N/A	N/A	N/A
EVENT_NUMBER	N/A	N/A	N/A
EVENT_TYPE	N/A	N/A	N/A
EVENT_TYPE_TEXT	<status>	Text/String	N/A
SOURCE	<login>	Text/String	N/A
AUTHENTICATION_PACKAGE_NAME	N/A	N/A	N/A
LOGON_PROCESS_NAME	<process>	Text/String	N/A
ACCOUNT_NAME	<dname>	Text/String	N/A
ACCOUNT_DOMAIN	<domainimpacted>	Text/String	N/A
ACCOUNT_SID	N/A	N/A	N/A
PRIMARY_LOGON_ID	N/A	N/A	N/A
CALLER_USER_NAME	N/A	N/A	N/A
CALLER_USER_DOMAIN	N/A	N/A	N/A
CALLER_LOGON_ID	N/A	N/A	N/A
NOTIFICATION_PACKAGE_NAME	N/A	N/A	N/A
PROCESS_ID	N/A	N/A	N/A
PROCESS_NAME	N/A	N/A	N/A
TOKEN_ELEVATION_TYPE	N/A	N/A	N/A
PREVIOUS_TIME	N/A	N/A	N/A
NEW_TIME	N/A	N/A	N/A
USER_RIGHTS	N/A	N/A	N/A
USER_RIGHTS_VALUE	N/A	N/A	N/A
POLICY_CATEGORY	N/A	N/A	N/A
POLICY_SUB_CATEGORY	N/A	N/A	N/A
POLICY_CHANGES	N/A	N/A	N/A
FILE_NAME	<parentprocessname>	Text/String	N/A
APPLICATION_NAME	N/A	N/A	N/A
SCHEDULE_TIME	N/A	N/A	N/A
SCHEDULE_AT	N/A	N/A	N/A
FORMAT_MESSAGE	<subject>	Text/String	N/A
SAM_ACCOUNT_NAME	N/A	N/A	N/A
DISPLAY_NAME	N/A	N/A	N/A
HOME_DIRECTORY	N/A	N/A	N/A
HOME_DRIVE	N/A	N/A	N/A
SCRIPT_PATH	N/A	N/A	N/A
PROFILE_PATH	N/A	N/A	N/A
PWD_LAST_SET	N/A	N/A	N/A
ACCOUNT_EXPIRY_DATE	N/A	N/A	N/A
PRIMARY_GROUP_ID	N/A	N/A	N/A
OLD_UAC_VALUE	N/A	N/A	N/A
NEW_UAC_VALUE	N/A	N/A	N/A
USER_ACCOUNT_CONTROL	N/A	N/A	N/A
LOGON_HOURS	N/A	N/A	N/A
REMARKS	<reason>	Text/String	N/A
USER_PRINCIPAL_NAME	N/A	N/A	N/A
CALLER_USER_SID	N/A	N/A	N/A
USER_MGMT_TYPE	N/A	N/A	N/A
LOGON_TO	N/A	N/A	N/A
MEMBER_NAME	N/A	N/A	N/A
MEMBER_SID	N/A	N/A	N/A
GROUP_TYPE	N/A	N/A	N/A
GROUP_SCOPE	N/A	N/A	N/A
CALLER_MACHINE_NAME	N/A	N/A	N/A