
V 2.0 : Endpoint Application Control Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
| --- | --- | --- | --- |
| V 2.0 : Endpoint Application Control Event | Base Rule | Activity | General Activity |
| V 2.0 : Endpoint Application Control : Allowed | Sub Rule | Activity | Application Control Detection |
| V 2.0 : Endpoint Application Control : Blocked | Sub Rule | Failed Activity | Application Blocked |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| Header (logVer) | N/A | N/A | CEF format version |
| Header (vendor) | N/A | N/A | Appliance vendor |
| Header (pname) | N/A | N/A | Appliance product |
| Header (pver) | N/A | N/A | Appliance version |
| Header (eventid) | N/A | N/A | 0: Allow; 1: Block; 2: Lockdown |
| Header (eventName) | <vmid> | Text/String | Event name |
| Header (severity) | <severity> | Number | Severity |
| deviceExternalId | N/A | N/A | ID |
| dvchost | N/A | N/A | Computer name |
| rt | N/A | N/A | Log generation time in UTC |
| shost | <sname> | Text/String/Number | Client host name |
| cs1Label | N/A | N/A | Corresponding label for the "cs1" field |
| cs1 | N/A | N/A | Product server pattern version |
| suser | <login> | Text/String/Number | Client user name |
| cs2Label | N/A | N/A | Corresponding label for the "cs2" field |
| cs2 | <sip> | IP Address | Client IPv4 address |
| c6a3 | <sip> | IP Address | Client IPv6 address |
| cn1Label | N/A | N/A | Corresponding label for the "cn1" field |
| cn1 | N/A | N/A | Client status. 1: Rebuilding database; 2: Online; 3: Offline |
| filehash | <hash> | Text/String/Number | Application file SHA-1 hash |
| fname | <process> | Text/String | Application file name |
| cs3Label | N/A | N/A | Corresponding label for the "cs3" field |
| cs3 | <command> | Text/String | Application process command line |
| duser | <account> | Text/String/Number | User name |
| cs4Label | N/A | N/A | Corresponding label for the "cs4" field |
| cs4 | N/A | N/A | Rule name |
| cs5Label | N/A | N/A | Corresponding label for the "cs5" field |
| cs5 | <policy> | Text/String | Policy name |
| act | <action>, <tag1> | Text/String | Policy action. 0: Allowed; 1: Blocked; 2: Reported as allowed; 3: Reported as blocked |
| deviceFacility | N/A | N/A | Product name |
| deviceNtDomain | N/A | N/A | Active Directory domain |
| dntdom | N/A | N/A | Apex One domain hierarchy |
| ApexCentralHost | N/A | N/A | Apex Central host name |
| devicePayloadId | N/A | N/A | Unique message GUID |
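
The mapping above applied to a CEF record, as an added Python example (not LogRhythm or vendor code). The sample record and all its values are constructed, the `action_label` output key is hypothetical, and `act` is assumed to carry the numeric code listed in the table.

```python
import re

# Device key -> LogRhythm schema field(s), copied from the mapping table above.
SCHEMA = {
    "eventName": ["vmid"], "severity": ["severity"], "shost": ["sname"],
    "suser": ["login"], "cs2": ["sip"], "c6a3": ["sip"], "filehash": ["hash"],
    "fname": ["process"], "cs3": ["command"], "duser": ["account"],
    "cs5": ["policy"], "act": ["action", "tag1"],
}
ACT_LABELS = {"0": "Allowed", "1": "Blocked",
              "2": "Reported as allowed", "3": "Reported as blocked"}
HEADER_KEYS = ["logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity"]

def _unescape(value):
    # CEF escapes backslash, pipe and equals sign with a leading backslash.
    return re.sub(r"\\([\\|=])", r"\1", value)

def parse_cef(line):
    """Split a CEF record into one dict of header fields and extension keys."""
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    parts[0] = parts[0][4:]  # drop the "CEF:" prefix, leaving the version
    fields = {k: _unescape(v) for k, v in zip(HEADER_KEYS, parts)}
    # Values may contain spaces; a value ends where the next " key=" begins.
    for key, value in re.findall(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)", parts[7]):
        fields[key] = _unescape(value)
    return fields

def to_logrhythm(fields):
    """Keep only the keys the table maps, renamed to LogRhythm schema fields."""
    out = {}
    for key, targets in SCHEMA.items():
        if key in fields:
            for target in targets:
                # cs2 and c6a3 both map to sip; the first one present wins.
                out.setdefault(target, fields[key])
    # Hypothetical convenience key: readable form of the numeric act code.
    out["action_label"] = ACT_LABELS.get(fields.get("act"), "Unknown")
    return out

# Constructed sample record (placeholder vendor, host, hash and policy values).
SAMPLE = (r"CEF:0|ExampleVendor|ExampleProduct|1.0|1|Example event name|3|"
          r"shost=WS-042 suser=alice cs2Label=Example label cs2=192.0.2.10 "
          r"filehash=0000000000000000000000000000000000000000 fname=app.exe "
          r"cs3Label=Example label cs3=C:\\Tools\\app.exe --mode\=fast -v "
          r"duser=alice cs5Label=Example label cs5=Example Policy act=1")

if __name__ == "__main__":
    print(to_logrhythm(parse_cef(SAMPLE)))
```

Keys the table marks N/A, such as the `csNLabel` fields, are parsed but dropped from the mapped output.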