V 2.0 : Endpoint Management Event
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Endpoint Management Event | Base Rule | General Information | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| product | <vmid> | Text/String | Product name |
| Originip | <dip> | IP Address | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| operation | <action> | Text/String | The type of operation done on the object or rule |
| subject | <vendorinfo> | Text/String | Audit log category |
| status | <status> | Text/String | N/A |
| administrator | <login> | Text/String | User who performed the operation |
| client | N/A | N/A | N/A |
| performedon | <object> | Text/String | The name of the object that is affected by the action |
| objecttable | N/A | N/A | N/A |
| objecttype | <objecttype> | Text/String | The type of the affected object |
| generalinformation | <subject> | Text/String | N/A |
| time | N/A | N/A | The time stamp when the log was created |
| Action | N/A | N/A | N/A |
| ifdirection | N/A | N/A | Connection direction |
| ifname | N/A | N/A | The name of the Security Gateway interface through which a connection traverses |
| alert | N/A | N/A | N/A |
| flags | N/A | N/A | Checkpoint internal field |
| loguid | N/A | N/A | UUID of unified logs |
| originsicname | N/A | N/A | Machine SIC |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
| version | N/A | N/A | N/A |