System Audit Log Messages
Vendor Documentation
https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-cef-system-audit-logs https://docs.trendmicro.com/en-us/documentation/article/trend-vision-one-syslog-content-mapping-cef |
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
System Audit Log Messages | Base Rule | System Audit Event | Other Audit |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
datetime | N/A | N/A | Local time in the format: "MMM dd yyyy HH:mm:ss" |
host | N/A | N/A | Hostname without the domain information |
Version | N/A | N/A | CEF format version, current CEF version is 0 |
Device Vendor | N/A | N/A | Appliance vendor |
Device Product | <vendorinfo> | Text/String | Appliance product |
Device Version | <version> | Text/String | Appliance version |
Device Event Class ID | <vmid> | Number | A unique identifier per event-type. This can be a string or an integer Workbench OR OAT |
Name | <objecttype> | Text/String | A string representing a human-readable and understandable description of the event |
Severity | <severity> | Number | Importance of the event |
rt | N/A | N/A | Logged time |
cat | N/A | N/A | category |
cn1 | N/A | N/A | Timestamp |
cs1 | <action> | Text/String | Activity |
msg | <subject> | Text/String | Details |
cn1Label | N/A | N/A | Corresponding label for the cn1 field |
cs1Label | N/A | N/A | Corresponding label for the cs1 field |