Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
V 2.0 Cyberark Vault Audit Events |
Base Rule |
General Information Log Message |
Information |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|
CEF:[number] |
N/A |
N/A |
The CEF header and version.
|
|
Device Vendor |
N/A |
N/A |
Device Vendor
|
|
Device Product |
<vendorinfo> |
Text/String |
Device Product |
|
Device Version |
<version> |
Text/String |
Version |
|
Event Type |
<vmid>
|
Number |
Device Event Class ID
|
|
Event Name |
<action> |
Text/String |
Device Event Class Name
|
|
Severity |
<severity> |
Number |
A numeric value that indicates the severity of the event. |
|
act |
<action> |
Text/String |
A description of the reported event type. |
|
suser |
<login> |
Text/String |
Source User Name |
|
fname |
<object> |
Text/String |
Filename |
|
dvc |
N/A |
N/A |
N/A |
|
shost |
<sname> |
Text/String/Number |
Source host name |
|
dhost |
<dname> |
Text/String |
Destination host address |
|
duser |
<account> |
Text/String |
Destination user name |
|
externalId |
N/A |
N/A |
Instance_GUID |
|
app |
<protname> |
Text/String |
Application Protocol |
|
reason |
<reason> |
Text/String |
Reason |
|
src |
<sip> |
IP Address |
Source IP address |
|
dst |
<dip> |
IP Address |
Destination IP address |
|
cs1Label |
N/A |
N/A |
N/A |
|
cs1 |
N/A |
N/A |
N/A |
|
cs2Label |
N/A |
N/A |
N/A |
|
cs2 |
N/A |
N/A |
N/A |
|
cs3Label |
N/A |
N/A |
N/A |
|
cs3 |
N/A |
N/A |
N/A |
|
cs4Label |
N/A |
N/A |
Database_Name |
|
cs4 |
N/A |
N/A |
N/A |
|
cs5Label |
N/A |
N/A |
N/A |
|
cs5 |
N/A |
N/A |
N/A |
|
cn1Label |
N/A |
N/A |
N/A |
|
cn1 |
N/A |
N/A |
N/A |
|
cn2Label |
N/A |
N/A |
N/A |
|
cn1 |
N/A |
N/A |
N/A |
|
cn2:targetaccount |
<account> |
Text/String |
N/A |
|
cn2:targetaddress |
<domainimpacted> |
Text/String |
N/A |
|
msg |
<subject> |
Text/String |
Description |