Vendor Documentation
Classification

| Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- |
| V 2.0: General Diagnostics Event | Base Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: NOT SET Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: SERVICE START Messages | Sub Rule | Service Started | Information |
| V 2.0: SERVICE TERMINATE Messages | Sub Rule | Process/Service Stopped | Startup and Shutdown |
| V 2.0: ELASTIC SEARCH HEALTH Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: DRIVE 50 PERCENT Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: DRIVE 90 PERCENT Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: SEARCH Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: AUTHENTICATION SUCCESS Messages | Sub Rule | General Authentication Information | Information |
| V 2.0: AUTHENTICATION FAILURE Messages | Sub Rule | General Authentication Information | Information |
| V 2.0: LOGOUT Messages | Sub Rule | Logout Request | Information |
| V 2.0: EXPIRED SESSION Messages | Sub Rule | Session Message | Information |
| V 2.0: NM CONFIG CHANGE Messages | Sub Rule | Configuration Information | Information |
| V 2.0: SECURITY CONFIG CHANGE Messages | Sub Rule | Configuration Information | Information |
| V 2.0: PASSWORD CHANGE Messages | Sub Rule | Performing Password Change | Information |
| V 2.0: USER CREATED Messages | Sub Rule | User Account Created | Account Created |
| V 2.0: USER SETTING CHANGED Messages | Sub Rule | Object Modified | Access Success |
| V 2.0: FILE RECONSTRUCTION Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: PCAP RECONSTRUCTION Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: USER DELETED Messages | Sub Rule | User Account Deleted | Account Deleted |
| V 2.0: RESTART SERVICES Messages | Sub Rule | Process/Service Restarting | Startup and Shutdown |
| V 2.0: SHUTDOWN Messages | Sub Rule | System Shutdown | Startup and Shutdown |
| V 2.0: REBOOT Messages | Sub Rule | Process/Service Restarting | Startup and Shutdown |
| V 2.0: LICENSE CHANGE Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: NM UPGRADE Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: DPA RULE ADDED Messages | Sub Rule | Object Added | Access Success |
| V 2.0: DPA RULE ENABLED Messages | Sub Rule | Object Modified | Access Success |
| V 2.0: DPA RULE DISABLED Messages | Sub Rule | Object Modified | Access Success |
| V 2.0: DPA RULE MODIFIED Messages | Sub Rule | Object Modified | Access Success |
| V 2.0: DPA RULE UPLOADED Messages | Sub Rule | Object Modified | Access Success |
| V 2.0: DPA RULE DELETED Messages | Sub Rule | Object Deleted/Removed | Access Success |
| V 2.0: NM UPGRADE FAILURE Messages | Sub Rule | Object Update Failed | Error |
| V 2.0: NM UPGRADE SUCCES Messages | Sub Rule | Object Modified | Access Success |
| V 2.0: FILE DOWNLOADED Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: FILE UPLOADED Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
| V 2.0: DPA RULES RELOADED Messages | Sub Rule | LogRhythm Diagnostics Event | Other Operations |
Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| N/A | <severity> | Text/String | N/A |
| CODE | <vmid> | Number | N/A |
| SEVERITY | <severity> | Text/String | N/A |
| SERVICENAME | <objectname> | Text/String | N/A |
| EVENT | <process> | Text/String | N/A |
| USER | <login> | Text/String | N/A |
| IP | <sip> | IP Address | N/A |
| MESSAGE | <subject> | Text/String | N/A |
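The two tables above describe two separate steps: the device-key mapping turns raw message fields into LogRhythm schema fields (with <vmid> typed as a number and <sip> as an IP address), and the sub rules then classify the event from its EVENT value, falling back to the base rule for anything not matched. The following Python is an added example written for this page, not LogRhythm's own parser or rule logic. The page does not show the wire format of the messages, so the `KEY=value` layout, the quoted values, the sample lines, the `SUB_RULES` subset of the classification table and the repeated-failure threshold are all assumptions made for illustration.

```python
"""Normalise constructed LogRhythm Network Monitor-style diagnostic lines into
LogRhythm schema fields and classify them against the sub-rule table.

Added example, not LogRhythm's own parser. The KEY=value message layout is an
ASSUMPTION: the page lists device keys and schema fields, not the wire format."""
import ipaddress
import re
from collections import Counter

# Device key -> LogRhythm schema field, as listed in the mapping table.
DEVICE_KEY_TO_SCHEMA = {
    "CODE": "vmid",          # Number
    "SEVERITY": "severity",  # Text/String
    "SERVICENAME": "objectname",
    "EVENT": "process",
    "USER": "login",
    "IP": "sip",             # IP Address
    "MESSAGE": "subject",
}

# EVENT value -> (common event, classification). A subset of the classification
# table; anything not listed falls through to the base rule.
SUB_RULES = {
    "SERVICE START": ("Service Started", "Information"),
    "SERVICE TERMINATE": ("Process/Service Stopped", "Startup and Shutdown"),
    "AUTHENTICATION SUCCESS": ("General Authentication Information", "Information"),
    "AUTHENTICATION FAILURE": ("General Authentication Information", "Information"),
    "SECURITY CONFIG CHANGE": ("Configuration Information", "Information"),
    "USER CREATED": ("User Account Created", "Account Created"),
    "USER DELETED": ("User Account Deleted", "Account Deleted"),
    "DPA RULE DELETED": ("Object Deleted/Removed", "Access Success"),
    "NM UPGRADE FAILURE": ("Object Update Failed", "Error"),
}
BASE_RULE = ("LogRhythm Diagnostics Event", "Other Operations")

# KEY=value tokens; values may be double-quoted to allow spaces (assumed layout).
_TOKEN = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def normalize(line: str) -> dict:
    """Map device keys to schema fields, typing vmid as int and sip as an IP.
    Unknown keys are ignored. A malformed CODE or IP leaves that field unset
    rather than storing an untyped string in a numeric or IP field."""
    record = {}
    for key, quoted, bare in _TOKEN.findall(line):
        field = DEVICE_KEY_TO_SCHEMA.get(key.upper())
        if field is None:
            continue
        value = quoted if quoted else bare
        if field == "vmid":
            try:
                record[field] = int(value)
            except ValueError:
                continue
        elif field == "sip":
            try:
                record[field] = str(ipaddress.ip_address(value))
            except ValueError:
                continue
        else:
            record[field] = value
    return record


def classify(record: dict) -> tuple:
    """Exact match of <process> against the sub rules, else the base rule.
    Exact rather than substring matching keeps 'NM UPGRADE FAILURE' from being
    swallowed by a broader 'NM UPGRADE' pattern."""
    return SUB_RULES.get(record.get("process", "").upper(), BASE_RULE)


def repeated_auth_failures(lines, threshold: int = 3) -> dict:
    """Return {(login, sip): count} for pairs at or above the failure threshold."""
    counts = Counter()
    for line in lines:
        rec = normalize(line)
        if rec.get("process", "").upper() == "AUTHENTICATION FAILURE":
            counts[(rec.get("login"), rec.get("sip"))] += 1
    return {k: n for k, n in counts.items() if n >= threshold}


# Constructed sample lines (not real Network Monitor output).
SAMPLE_LINES = [
    'CODE=2001 SEVERITY=INFO SERVICENAME=nm-web EVENT="SERVICE START" MESSAGE="web service up"',
    'CODE=3002 SEVERITY=WARN SERVICENAME=nm-web EVENT="AUTHENTICATION FAILURE" USER=admin IP=10.0.0.5 MESSAGE="bad password"',
    'CODE=3002 SEVERITY=WARN SERVICENAME=nm-web EVENT="AUTHENTICATION FAILURE" USER=admin IP=10.0.0.5 MESSAGE="bad password"',
    'CODE=3002 SEVERITY=WARN SERVICENAME=nm-web EVENT="AUTHENTICATION FAILURE" USER=admin IP=10.0.0.5 MESSAGE="bad password"',
    'CODE=3001 SEVERITY=INFO SERVICENAME=nm-web EVENT="AUTHENTICATION SUCCESS" USER=admin IP=10.0.0.5 MESSAGE="login ok"',
    'CODE=4100 SEVERITY=INFO SERVICENAME=nm-engine EVENT="DPA RULE DELETED" USER=admin IP=not-an-ip MESSAGE="rule 12 removed"',
    'CODE=9999 SEVERITY=INFO SERVICENAME=nm-engine EVENT="ELASTIC SEARCH HEALTH" MESSAGE="cluster green"',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = normalize(line)
        print(rec.get("vmid"), rec.get("process"), "->", classify(rec))
    print("repeated failures:", repeated_auth_failures(SAMPLE_LINES))
```

Two points worth checking in any real parser built from this table: the IP and CODE values should be validated before landing in <sip> and <vmid>, since a string in a typed field breaks later searches on those fields, and the sub-rule match should be exact or ordered most-specific-first so that "NM UPGRADE FAILURE" and "NM UPGRADE SUCCES" are not caught by the generic NM UPGRADE rule.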