Vendor Documentation
Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| System Audit Log Messages | Base Rule | System Audit Event | Other Audit |
Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| datetime | N/A | N/A | Local time in the format "MMM dd yyyy HH:mm:ss" |
| host | N/A | N/A | Hostname without the domain information |
| Version | N/A | N/A | CEF format version; the current CEF version is 0 |
| Device Vendor | N/A | N/A | Appliance vendor |
| Device Product | <vendorinfo> | Text/String | Appliance product |
| Device Version | <version> | Text/String | Appliance version |
| Device Event Class ID | <vmid> | Number | A unique identifier per event type. CEF allows a string or an integer; the values seen here are Workbench or OAT |
| Name | <objecttype> | Text/String | A human-readable description of the event |
| Severity | <severity> | Number | Importance of the event |
| rt | N/A | N/A | Logged time |
| cat | N/A | N/A | Category |
| cn1 | N/A | N/A | Timestamp |
| cs1 | <action> | Text/String | Activity |
| msg | <subject> | Text/String | Details |
| cn1Label | N/A | N/A | Corresponding label for the cn1 field |
| cs1Label | N/A | N/A | Corresponding label for the cs1 field |
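The following is an added example, not LogRhythm's own parsing rule or any appliance code: it parses a syslog-wrapped CEF line in the layout the table describes (datetime, host, then the `CEF:0|...` header and the `key=value` extension), resolves the `cn1Label`/`cs1Label` pairs, and projects the result onto the schema columns listed above. The sample line, the vendor and product names, and the `parse_cef`/`to_logrhythm` function names are all constructed for the example. It handles the two CEF escapes a parser must respect: `\|` inside header fields and `\=` inside extension values, and it keeps `vmid` as a string when the event class ID is not numeric (the table types it as Number, but CEF and this log allow string values such as OAT).

```python
"""Parse a syslog-wrapped CEF audit line into the LogRhythm schema fields
from the mapping table.  Added example; not LogRhythm's parser.  The sample
line below is constructed, not a real appliance export."""
import re
from datetime import datetime

# CEF header fields, in order, after the "CEF:0" version field.
HEADER_FIELDS = ["Version", "Device Vendor", "Device Product", "Device Version",
                 "Device Event Class ID", "Name", "Severity"]

# Source key -> LogRhythm schema field, taken from the mapping table
# (keys mapped to N/A in the table are kept in the parsed record but not projected).
SCHEMA_MAP = {
    "Device Product": "vendorinfo",
    "Device Version": "version",
    "Device Event Class ID": "vmid",
    "Name": "objecttype",
    "Severity": "severity",
    "cs1": "action",
    "msg": "subject",
}

# Constructed sample (hypothetical vendor/product/host; not from the page).
SAMPLE = ("Mar 10 2023 14:22:05 dd-appliance "
          "CEF:0|ExampleVendor|ExampleProduct|1.2.3|100|System Audit Event|3|"
          "rt=Mar 10 2023 14:22:05 cat=Audit cn1=1678458125 cn1Label=Timestamp "
          "cs1=Login cs1Label=Activity msg=Policy key\\=value updated by admin")

_SYSLOG_PREFIX = re.compile(r"(\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) (\S+) (CEF:.*)$")
_UNESCAPE_HEADER = re.compile(r"\\([|\\])")   # "\|" and "\\" in header fields
_UNESCAPE_EXT = re.compile(r"\\([=\\])")      # "\=" and "\\" in extension values


def parse_cef(line):
    """Return datetime, host, header dict, extension dict and resolved labels."""
    m = _SYSLOG_PREFIX.match(line)
    if not m:
        raise ValueError("line does not match '<datetime> <host> CEF:...'")
    stamp, host, payload = m.groups()

    # Header fields are pipe-separated; an unescaped pipe ends a field, so split
    # on "|" not preceded by a backslash and leave the remainder as the extension.
    parts = re.split(r"(?<!\\)\|", payload, maxsplit=len(HEADER_FIELDS))
    if len(parts) != len(HEADER_FIELDS) + 1:
        raise ValueError("CEF header has too few fields")
    header = {name: _UNESCAPE_HEADER.sub(r"\1", val)
              for name, val in zip(HEADER_FIELDS, parts[:-1])}

    # Extension: space-separated "key=value" pairs whose values may contain
    # spaces.  A new pair starts at a space followed by an unescaped "key=";
    # an escaped "\=" inside a value never matches that lookahead.
    ext = {}
    for chunk in re.split(r" (?=[A-Za-z0-9_]+=)", parts[-1].strip()):
        key, _, val = chunk.partition("=")
        ext[key] = _UNESCAPE_EXT.sub(r"\1", val)

    # cn1Label / cs1Label name the meaning of cn1 / cs1; resolve them here.
    labels = {}
    for key, label in ext.items():
        base = key[:-len("Label")]
        if key.endswith("Label") and base in ext:
            labels[label] = ext[base]

    return {"datetime": datetime.strptime(stamp, "%b %d %Y %H:%M:%S"),
            "host": host, "header": header, "ext": ext, "labels": labels}


def to_logrhythm(rec):
    """Project a parsed record onto the schema fields from the mapping table."""
    out = {}
    for src, dest in SCHEMA_MAP.items():
        val = rec["header"].get(src, rec["ext"].get(src))
        if val is None:
            continue
        # vmid and severity are typed Number in the table, but the event class
        # ID may be a string (Workbench/OAT); only convert when all digits.
        if dest in ("vmid", "severity") and val.isdigit():
            val = int(val)
        out[dest] = val
    return out


if __name__ == "__main__":
    record = parse_cef(SAMPLE)
    print(record["labels"])
    print(to_logrhythm(record))
```

Running the module parses the constructed line and prints the resolved labels and the projected schema fields; for a real feed, feed each syslog line to `parse_cef` and reject the ones that raise, since a header with fewer than seven fields is not a CEF event and should not be silently mapped.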