Sway Messages
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Sway Messages | Base Rule | General Application Information | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| TS | N/A | N/A | N/A |
| SESSID | <session> | Text/String | Session information |
| COMMAND | <command> | Text/String | Command name |
| USERTYPE | N/A | N/A | Type of user |
| USERKEY | N/A | N/A | User key information (hexadecimal value) |
| WORKLOAD | <process> <vendorinfo> | Text/String | Audit log record type |
| RESULTCODE | N/A | N/A | Results |
| OBJECT | <object> | Text/String | Object name |
| USER | <login> <domain> | Text/String | Source user name |
| SIP | <sip> | IP Address | Source IP address |
| VERSION | <version> | Number | Version |
| ORGANIZATIONID | N/A | N/A | Organization ID |
| OBJECTTYPE | N/A | N/A | Object type |
| ENDPOINT | N/A | N/A | Endpoint name |
| BROWSERNAME | <useragent> | Text/String | Browser name |
| DEVICETYPE | N/A | N/A | Device type |
| SWAYLOOKUPID | N/A | N/A | Sway lookup ID |
| SITEURL | <url> | Text/String | URL link |
| OPERATIONRESULT | N/A | N/A | N/A |