Syslog - Imperva SecureSphere: V 2.0 : Database Audit Events
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
V 2.0 : Database Audit Events | Base Rule | General Audit Message | Other Audit |
V 2.0 : Login | Sub Rule | User Logon | Authentication Success |
V 2.0 : Logout | Sub Rule | User Logoff | Authentication Success |
V 2.0 : Database Query | Sub Rule | Command Executed | Access Success |
V 2.0 : Login Failure | Sub Rule | User Logon Failure | Authentication Failure |
V 2.0 : Execute Query Failure | Sub Rule | Command Execution Failure | Access Failure |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
CEF:Version | N/A | N/A | N/A |
N/A | N/A | N/A | Device Vendor |
N/A | N/A | N/A | Device Product |
N/A | <version> | Text/String/Number | Device Version |
N/A | <vmid> | Text/String | deviceEventClassId |
N/A | N/A | N/A | Name |
N/A | <severity> | Text/String | Severity |
dst | <dip> | Ip Address | Identifies the destination an event refers to in an IP network in IPv4 format. |
dpt | <dport> | Number | Identifies the destination by port number. |
duser | <account> | Text/String | Identifies the destination user by name. This |
src | <sip> | Ip Address | Identifies source an event refers to in an IP network in IPv4 format. |
spt | <sport> | Number | Identifies the source by port number. |
proto | <protname> | Text/String | Identifies the Layer-4 protocol used. Possible |
rt | N/A | N/A | The time when the event |
cat | <subject> | Text/String | Represents the category assigned to the originating device. |
cs1Label | N/A | N/A | N/A |
cs2 | <group> | Text/String | N/A |
cs2Label | N/A | N/A | N/A |
cs3 | N/A | N/A | N/A |
cs3Label | N/A | N/A | N/A |
cs4 | <objecttype> | Text/String | N/A |
cs4Label | N/A | N/A | N/A |
cs5 | N/A | N/A | N/A |
cs5Label | N/A | N/A | N/A |
cs6 | <vendorinfo> | Text/String | N/A |
cs6Label | N/A | N/A | N/A |
cs7 | N/A | N/A | N/A |
cs7Label | N/A | N/A | N/A |
cs8 | <result> | Text/String | N/A |
cs8Label | N/A | N/A | N/A |
cs9 | N/A | N/A | N/A |
cs9Label | N/A | N/A | N/A |
cs10 | <process> | Text/String | N/A |
cs10Label | N/A | N/A | N/A |
cs11 | <login> | Text/String | N/A |
cs11Label | N/A | N/A | N/A |
cs12 | <sname> | Text/String | N/A |
cs12Label | N/A | N/A | N/A |
cs13 | <object> | Text/String | N/A |
cs13Label | N/A | N/A | N/A |
cs14 | N/A | N/A | N/A |
cs14Label | N/A | N/A | N/A |
cs15 | <command> | Text/String | N/A |
cs15Label | N/A | N/A | N/A |
cs16 | N/A | N/A | N/A |
cs16Label | N/A | N/A | N/A |
cs17 | N/A | N/A | N/A |
cs17Label | N/A | N/A | N/A |
cs18 | <reason> | Text/String | N/A |
cs18Label | N/A | N/A | N/A |
cs19 | N/A | N/A | N/A |
cs19Label | N/A | N/A | N/A |
cs20 | N/A | N/A | N/A |
cs20Label | N/A | N/A | N/A |
cs21 | N/A | N/A | N/A |
cs21Label | N/A | N/A | N/A |