Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Systemevent : Endpoint | Base Rule | General Endpoint Message | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| timestamp | N/A | N/A | N/A |
| devname | N/A | N/A | N/A |
| devid | N/A | N/A | N/A |
| vd | <sessiontype> | Text/String | N/A |
| itime | N/A | N/A | N/A |
| fctsn | N/A | N/A | N/A |
| date | N/A | N/A | N/A |
| time | N/A | N/A | N/A |
| logver | <version> | Number | N/A |
| id | N/A | N/A | N/A |
| type | <vendorinfo> | Text/String | N/A |
| subtype | N/A | N/A | N/A |
| eventtype | N/A | N/A | N/A |
| level | <severity> | Text/String | N/A |
| uid | N/A | N/A | N/A |
| hostname | <sname> | Text/String | N/A |
| pcdomain | <domainorigin> | Text/String | N/A |
| deviceip | <sip> | IP Address | N/A |
| devicemac | <smac> | Text/String | N/A |
| site | N/A | N/A | N/A |
| fctver | N/A | N/A | N/A |
| fgtserial | N/A | N/A | N/A |
| emsserial | N/A | N/A | N/A |
| usingpolicy | <policy> | Text/String | N/A |
| os | <objecttype> | Text/String | N/A |
| user | <login> | Text/String | N/A |
| msg | <action> | Text/String | N/A |
| emshostname | N/A | N/A | N/A |
| status | <status> | Text/String | N/A |
| emsip | N/A | N/A | N/A |
| tz | N/A | N/A | N/A |
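The table above lists the device keys and which LogRhythm schema fields they populate, but not how a message is tokenised or what happens to a value that does not fit its declared data type. The following is an added example (not LogRhythm's or Fortinet's own code) that parses one key=value endpoint message and applies exactly the mapping in the table. It assumes the messages arrive in the `key=value` layout the device keys suggest, with double-quoted values allowed to contain spaces and backslash-escaped quotes; the sample log line is constructed for illustration, and the keys the table leaves as N/A are kept in an `unmapped` dict rather than discarded.

```python
"""Parse a key=value endpoint log line and apply the LogRhythm schema
mapping from the table above.

Added example, not vendor code.  The sample line below is constructed;
the key=value layout with optional double-quoted values is an assumption
about the message format.
"""
import ipaddress
import re

# Device key -> (LogRhythm schema field, data type), copied from the table.
# Keys the table marks N/A are intentionally absent.
FIELD_MAP = {
    "vd": ("sessiontype", "Text/String"),
    "logver": ("version", "Number"),
    "type": ("vendorinfo", "Text/String"),
    "level": ("severity", "Text/String"),
    "hostname": ("sname", "Text/String"),
    "pcdomain": ("domainorigin", "Text/String"),
    "deviceip": ("sip", "IP Address"),
    "devicemac": ("smac", "Text/String"),
    "usingpolicy": ("policy", "Text/String"),
    "os": ("objecttype", "Text/String"),
    "user": ("login", "Text/String"),
    "msg": ("action", "Text/String"),
    "status": ("status", "Text/String"),
}

# key=value where value is either a double-quoted string (may contain
# spaces and backslash-escaped quotes) or a run of non-space characters.
_TOKEN = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^\s"]*)')

# Constructed sample message; not a real capture.
SAMPLE = (
    'date=2021-06-01 time=09:15:42 logver=1 id=99990 type=systemevent '
    'subtype=config level=info uid=1234 hostname=WS-0042 '
    'pcdomain=corp.example deviceip=10.20.30.40 devicemac=00-11-22-33-44-55 '
    'vd=root usingpolicy="Default Policy" os="Windows 10 Pro" user="j.doe" '
    'msg="Configuration updated from \\"EMS\\"" status=success'
)


def parse_kv(line):
    """Tokenise one key=value line into a dict of raw string values."""
    fields = {}
    for key, raw in _TOKEN.findall(line):
        if raw.startswith('"'):
            # Strip the quotes and undo backslash escapes inside them.
            raw = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        fields[key] = raw
    return fields


def _coerce(value, data_type):
    """Convert a raw string to the table's data type; ValueError on junk."""
    if data_type == "Number":
        return int(value)
    if data_type == "IP Address":
        return str(ipaddress.ip_address(value))
    return value


def map_to_logrhythm(fields):
    """Apply FIELD_MAP to parsed fields.

    Returns {"mapped": ..., "unmapped": ..., "errors": ...}.  A value that
    fails its declared type (e.g. a deviceip that is not an IP address) is
    recorded under errors instead of being written into the schema field,
    so a malformed message cannot poison the sip/version columns.
    """
    mapped, unmapped, errors = {}, {}, {}
    for key, value in fields.items():
        if key not in FIELD_MAP:
            unmapped[key] = value
            continue
        schema_field, data_type = FIELD_MAP[key]
        try:
            mapped[schema_field] = _coerce(value, data_type)
        except ValueError as exc:
            errors[key] = str(exc)
    return {"mapped": mapped, "unmapped": unmapped, "errors": errors}


if __name__ == "__main__":
    result = map_to_logrhythm(parse_kv(SAMPLE))
    for name, values in result.items():
        print(name, values)
```

Keys such as `fgtserial`, `emsserial` and `emshostname` have no schema field in the table, so they only survive in `unmapped`; keep the raw message alongside the parsed fields if those identifiers matter for an investigation.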