Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
Sway Messages |
Base Rule |
General Application Information |
Information |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|---|---|---|---|
|
TS |
N/A |
N/A |
N/A |
|
SESSID |
<session> |
Text/String |
Session information |
|
COMMAND |
<command> |
Text/String |
Command name |
|
USERTYPE |
N/A |
N/A |
Type of user |
|
USERKEY |
N/A |
N/A |
User key informations hexadecimal value |
|
WORKLOAD |
<process> <vendorinfo> |
Text/String |
Audit log record type |
|
RESULTCODE |
N/A |
N/A |
Results |
|
OBJECT |
<object> |
Text/String |
Object name |
|
USER |
<login> <domain> |
Text/String |
Source user name |
|
SIP |
<sip> |
IP Address |
Source IP address |
|
VERSION |
<version> |
Number |
Version |
|
ORGANIZATIONID |
N/A |
N/A |
Organization ID |
|
OBJECTTYPE |
N/A |
N/A |
Object type |
|
ENDPOINT |
N/A |
N/A |
Endpoint name |
|
BROWSERNAME |
<useragent> |
Text/String |
Browser name |
|
DEVICETYPE |
N/A |
N/A |
Device type |
|
SWAYLOOKUPID |
N/A |
N/A |
Sway lookup ID |
|
SITEURL |
<url> |
Text/String |
URL link |
|
OPERATIONRESULT |
N/A |
N/A |
N/A |