Syslog CyberArk - V 2.0 CyberArk Vault Audit Events
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
V 2.0 Cyberark Vault Audit Events | Base Rule | General Information Log Message | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
CEF:[number] | N/A | N/A | The CEF header and version. |
Device Vendor | N/A | N/A | Device Vendor |
Device Product | <vendorinfo> | Text/String | Device Product |
Device Version | <version> | Text/String | Version |
Event Type | <vmid> | Number | Device Event Class ID |
Event Name | <action> | Text/String | Device Event Class Name |
Severity | <severity> | Number | A numeric value that indicates the severity of the event. |
act | <action> | Text/String | A description of the reported event type. |
suser | <login> | Text/String | Source User Name |
fname | <object> | Text/String | Filename |
dvc | N/A | N/A | N/A |
shost | <sname> | Text/String/Number | Source host name |
dhost | <dname> | Text/String | Destination host address |
duser | <account> | Text/String | Destination user name |
externalId | N/A | N/A | Instance_GUID |
app | <protname> | Text/String | Application Protocol |
reason | <reason> | Text/String | Reason |
src | <sip> | IP Address | Source IP address |
dst | <dip> | IP Address | Destination IP address |
cs1Label | N/A | N/A | N/A |
cs1 | N/A | N/A | N/A |
cs2Label | N/A | N/A | N/A |
cs2 | N/A | N/A | N/A |
cs3Label | N/A | N/A | N/A |
cs3 | N/A | N/A | N/A |
cs4Label | N/A | N/A | Database_Name |
cs4 | N/A | N/A | N/A |
cs5Label | N/A | N/A | N/A |
cs5 | N/A | N/A | N/A |
cn1Label | N/A | N/A | N/A |
cn1 | N/A | N/A | N/A |
cn2Label | N/A | N/A | N/A |
cn2 | N/A | N/A | N/A |
msg | <subject> | Text/String | Description |