Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Database Audit Events | Base Rule | General Audit Message | Other Audit |
| V 2.0 : Login | Sub Rule | User Logon | Authentication Success |
| V 2.0 : Logout | Sub Rule | User Logoff | Authentication Success |
| V 2.0 : Database Query | Sub Rule | Command Executed | Access Success |
| V 2.0 : Login Failure | Sub Rule | User Logon Failure | Authentication Failure |
| V 2.0 : Execute Query Failure | Sub Rule | Command Execution Failure | Access Failure |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| CEF:Version | N/A | N/A | N/A |
| N/A | N/A | N/A | Device Vendor |
| N/A | N/A | N/A | Device Product |
| N/A | <version> | Text/String/Number | Device Version |
| N/A | <vmid> | Text/String | deviceEventClassId |
| N/A | N/A | N/A | Name |
| N/A | <severity> | Text/String | Severity |
| dst | <dip> | Ip Address | Identifies the destination an event refers to in an IP network in IPv4 format. |
| dpt | <dport> | Number | Identifies the destination by port number. |
| duser | <account> | Text/String | Identifies the destination user by name. This |
| src | <sip> | Ip Address | Identifies the source an event refers to in an IP network in IPv4 format. |
| spt | <sport> | Number | Identifies the source by port number. |
| proto | <protname> | Text/String | Identifies the Layer-4 protocol used. Possible |
| rt | N/A | N/A | The time when the event |
| cat | <subject> | Text/String | Represents the category assigned to the originating device. |
| cs1Label | N/A | N/A | N/A |
| cs2 | <group> | Text/String | N/A |
| cs2Label | N/A | N/A | N/A |
| cs3 | N/A | N/A | N/A |
| cs3Label | N/A | N/A | N/A |
| cs4 | <objecttype> | Text/String | N/A |
| cs4Label | N/A | N/A | N/A |
| cs5 | N/A | N/A | N/A |
| cs5Label | N/A | N/A | N/A |
| cs6 | <vendorinfo> | Text/String | N/A |
| cs6Label | N/A | N/A | N/A |
| cs7 | N/A | N/A | N/A |
| cs7Label | N/A | N/A | N/A |
| cs8 | <result> | Text/String | N/A |
| cs8Label | N/A | N/A | N/A |
| cs9 | N/A | N/A | N/A |
| cs9Label | N/A | N/A | N/A |
| cs10 | <process> | Text/String | N/A |
| cs10Label | N/A | N/A | N/A |
| cs11 | <login> | Text/String | N/A |
| cs11Label | N/A | N/A | N/A |
| cs12 | <sname> | Text/String | N/A |
| cs12Label | N/A | N/A | N/A |
| cs13 | <object> | Text/String | N/A |
| cs13Label | N/A | N/A | N/A |
| cs14 | N/A | N/A | N/A |
| cs14Label | N/A | N/A | N/A |
| cs15 | <command> | Text/String | N/A |
| cs15Label | N/A | N/A | N/A |
| cs16 | N/A | N/A | N/A |
| cs16Label | N/A | N/A | N/A |
| cs17 | N/A | N/A | N/A |
| cs17Label | N/A | N/A | N/A |
| cs18 | <reason> | Text/String | N/A |
| cs18Label | N/A | N/A | N/A |
| cs19 | N/A | N/A | N/A |
| cs19Label | N/A | N/A | N/A |
| cs20 | N/A | N/A | N/A |
| cs20Label | N/A | N/A | N/A |
| cs21 | N/A | N/A | N/A |
| cs21Label | N/A | N/A | N/A |
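The mapping table above is easiest to check against a real message by parsing one. The following Python is an added example, not LogRhythm's own parser or any vendor code: it splits the seven pipe-delimited CEF header fields (honouring the `\|` and `\\` escapes), tokenises the `key=value` extension (honouring `\=`), and then applies exactly the key-to-schema pairs listed in the table, dropping keys the table maps to N/A (such as `rt` and the `cs*Label` keys). The sample log line, the vendor and product names in it, and the helper names are constructed for this example and do not come from the page.

```python
import re
from typing import Dict, List, Tuple

# CEF header positions (in order) -> LogRhythm schema field, per the mapping table.
# None means the table maps that header field to N/A, so it is not stored.
HEADER_FIELDS = [
    ("CEF:Version", None),
    ("Device Vendor", None),
    ("Device Product", None),
    ("Device Version", "version"),
    ("deviceEventClassId", "vmid"),
    ("Name", None),
    ("Severity", "severity"),
]

# Extension key -> LogRhythm schema field, copied from the mapping table.
# Keys the table maps to N/A (rt, cs1Label, cs3, ...) are deliberately absent.
EXTENSION_MAP = {
    "dst": "dip", "dpt": "dport", "duser": "account",
    "src": "sip", "spt": "sport", "proto": "protname",
    "cat": "subject", "cs2": "group", "cs4": "objecttype",
    "cs6": "vendorinfo", "cs8": "result", "cs10": "process",
    "cs11": "login", "cs12": "sname", "cs13": "object",
    "cs15": "command", "cs18": "reason",
}

# Fields the table types as Number; everything else stays a string.
NUMERIC_FIELDS = {"dport", "sport"}

# Constructed sample line for this example (vendor/product/values are made up).
SAMPLE_LINE = (
    "CEF:0|ExampleVendor|ExampleDB|2.0|100|Database Query|3|"
    "src=10.0.0.5 spt=51234 dst=10.0.0.20 dpt=1433 duser=alice proto=TCP "
    "cat=Query cs2=readers cs4=table cs8=success cs10=dbserver cs11=alice "
    "cs12=db01 cs13=dbo.users cs15=SELECT * FROM users WHERE name\\=alice "
    "cs18=authorized rt=1700000000000"
)

# A key is a run of [A-Za-z0-9_] at the start of the string or after whitespace,
# followed by an unescaped '='. An escaped '\=' inside a value never matches
# because the backslash sits between the key characters and the '='.
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")


def split_header(line: str) -> Tuple[List[str], str]:
    """Return the 7 header fields and the remaining extension string."""
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):   # CEF escape: keep the next char literally
            buf.append(line[i + 1])
            i += 2
            continue
        if ch == "|":                           # unescaped pipe ends a header field
            fields.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(ch)
        i += 1
    if len(fields) != 7:
        raise ValueError("malformed CEF header: expected 7 pipe-delimited fields")
    return fields, line[i:]


def unescape(value: str) -> str:
    """Undo CEF extension escapes: '\\=' -> '=', '\\\\' -> '\\', '\\n'/'\\r' -> newline/CR."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_extension(ext: str) -> Dict[str, str]:
    """Tokenise 'k=v k=v ...' where values may contain spaces and escaped '='."""
    matches = list(KEY_RE.finditer(ext))
    result: Dict[str, str] = {}
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        result[m.group(1)] = unescape(ext[m.end():end].strip())
    return result


def cef_to_logrhythm(line: str) -> Dict[str, object]:
    """Parse one CEF line and return only the fields the mapping table keeps."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF message")
    header, ext = split_header(line)
    event: Dict[str, object] = {}
    for (_cef_name, schema), value in zip(HEADER_FIELDS, header):
        if schema is not None:
            event[schema] = value
    for key, value in parse_extension(ext).items():
        schema = EXTENSION_MAP.get(key)
        if schema is None:
            continue                            # N/A in the table: not stored
        event[schema] = int(value) if schema in NUMERIC_FIELDS and value.isdigit() else value
    return event


if __name__ == "__main__":
    for field, value in cef_to_logrhythm(SAMPLE_LINE).items():
        print(f"{field:<10} = {value!r}")
```

Two points worth noting when checking a feed against this table: `rt` is dropped because the table maps it to N/A, so the LogRhythm timestamp must come from elsewhere in the collection pipeline, and `cs15` (mapped to `<command>`) is the field that carries the SQL text, so the `\=` unescaping matters for any detection logic that inspects query content.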