
V 2.0 : Endpoint Security Mgmt Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
| --- | --- | --- | --- |
| V 2.0 : Endpoint Security Mgmt Event | Base Rule | General Information | Information |
| V 2.0 : Endpoint Console : Create Object | Sub Rule | Object Created | Access Success |
| V 2.0 : Endpoint Console : Delete Object | Sub Rule | Object Deleted/Removed | Access Success |
| V 2.0 : Endpoint Console : Install Policy | Sub Rule | Policy Enabled : System | Policy |
| V 2.0 : Endpoint Console : Modify Object | Sub Rule | Object Modified | Access Success |
| V 2.0 : Endpoint Console : UnAssign Policy | Sub Rule | Policy Disabled : System | Policy |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| product | <vmid> | Text/String | Product name |
| Originip | <dip> | IP Address | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| operation | <action>, <tag1> | Text/String | The type of operation done on the object or rule |
| subject | <vendorinfo> | Text/String | Audit log category |
| status | <status> | Text/String | N/A |
| administrator | <login> | Text/String | User who performed the operation |
| client | N/A | N/A | N/A |
| performedon | <object> | Text/String | The name of the object that is affected by the action |
| objecttable | N/A | N/A | N/A |
| objecttype | <objecttype> | Text/String | The type of the affected object |
| generalinformation | <subject> | Text/String | N/A |
| time | N/A | N/A | The time stamp when the log was created |
| Action | N/A | N/A | N/A |
| ifdirection | N/A | N/A | Connection direction |
| ifname | N/A | N/A | The name of the Security Gateway interface through which a connection traverses |
| alert | N/A | N/A | N/A |
| client_ip_host | <sip> | IP Address | N/A |
| flags | N/A | N/A | Checkpoint internal field |
| loguid | N/A | N/A | UUID of unified logs |
| originsicname | N/A | N/A | Machine SIC |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
| version | N/A | N/A | N/A |
| advanced_changes | N/A | N/A | N/A |
| fieldschanges | N/A | N/A | N/A |
| logic_changes | N/A | N/A | N/A |
| sendtotrackerasadvancedauditlog | N/A | N/A | N/A |
| session_uid | N/A | N/A | N/A |
| securitypolicy | <policy> | Text/String | N/A |
| uid | N/A | N/A | N/A |