Syslog - Imperva SecureSphere: V 2.0 : System Events
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
V 2.0: System Events | Base Rule | General System Event | Information |
V 2.0: User Logged In | Sub Rule | User Logon | Authentication Success |
V 2.0: Agent Status Changed | Sub Rule | Service Status Change | Other Audit Success |
V 2.0: Audit Error | Sub Rule | Audit Record Error | Error |
V 2.0: Agent Disk Quota Exceeded | Sub Rule | Limit Exceeded | Warning |
V 2.0: User Logged Out | Sub Rule | User Logoff | Authentication Success |
V 2.0: Gateway Throughput | Sub Rule | Gateway Message | Information |
V 2.0: Policy Changed | Sub Rule | General Policy Change | Other Audit |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
CEF:Version | N/A | N/A | N/A |
N/A | N/A | N/A | Device Vendor |
N/A | N/A | N/A | Device Product |
N/A | <version> | Text/String | Device Version |
N/A | <vmid> | Text/String | deviceEventClassId |
N/A | <subject> | Text/String | Name |
<tag2> | Text/String | ||
<sname> | Text/String | ||
<sip> | IP Address | ||
<action> | Text/String | ||
<policy> | Text/String | ||
<status> | Text/String | ||
N/A | <severity> | Text/String | Severity |
suser | <login> | Text/String | The system user who caused the event. It can |
rt | N/A | N/A | The system event time |
cat | <objecttype> | Text/String | The type of the event |