Vendor Documentation
Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| V 2.0 : Engine Update Status Event | Base Rule | Information | General Information |
Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Header (logVer) | N/A | N/A | CEF format version |
| Header (vendor) | N/A | N/A | Product vendor |
| Header (pname) | N/A | N/A | Product name |
| Header (pver) | N/A | N/A | Product version |
| Header (eventid) | N/A | N/A | Event ID |
| Header (eventName) | <vmid> | Text/String | Log name |
| Header (severity) | <severity> | Number | Severity |
| rt | N/A | N/A | Log generation time in UTC |
| shost | <sname> | Text/String/Number | Product Entity/Endpoint |
| cs2Label | N/A | N/A | Corresponding label for the "cs2" field |
| cs2 | <sip> | IP Address | Product/Endpoint IP |
| cn1Label | N/A | N/A | Connection status |
| cn1 | <status> | Number | Connection status |
| cn2Label | N/A | N/A | Corresponding label for the "cn2" field |
| cn2 | N/A | N/A | Engine |
| cn5Label | N/A | N/A | Corresponding label for the "cn5" field |
| cs5 | <version> | Text/String/Number | Engine version |
| cn3Level | N/A | N/A | Corresponding label for the "cn3" field |
| cn3 | N/A | N/A | Engine Status |
| cs6Label | N/A | N/A | Corresponding label for the "cs6" field |
| cs6 | N/A | N/A | ActiveUpdate component type |
| deviceFacility | N/A | N/A | Product name |
| msg | N/A | N/A | Engine type display name |
| ApexCentralHost | N/A | N/A | Apex Central host name |
| deviceNtDomain | N/A | N/A | Active Directory domain |
| dntdom | N/A | N/A | Apex One domain hierarchy |
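The following is an added example, not code from the vendor or from LogRhythm, showing how a record of this type is taken apart and the keys in the mapping table are carried into the schema fields listed there (eventName to vmid, severity to severity, shost to sname, cs2 to sip, cn1 to status, cs5 to version). The sample CEF line, its header values, the label strings and the custom-field values are all constructed for illustration; the real event ID and label text are not on this page. The resolver joins each `*Label` key to the same-named custom field; because the table pairs `cn5Label` with `cs5` rather than `cn5`, that one pair is deliberately left unresolved so the quirk is visible in the output.

```python
import re

# CEF device key -> LogRhythm schema field, taken from the mapping table above.
# Keys the table maps to N/A are still parsed into the raw dictionary but not mapped.
KEY_TO_SCHEMA = {
    "eventName": "vmid",
    "severity": "severity",
    "shost": "sname",
    "cs2": "sip",
    "cn1": "status",
    "cs5": "version",
}
NUMERIC_FIELDS = {"severity", "status"}  # listed as "Number" in the table
HEADER_FIELDS = ["logVer", "vendor", "pname", "pver", "eventid", "eventName", "severity"]

# Constructed sample record (hypothetical values, not a real Apex Central event).
SAMPLE = (
    "CEF:0|Trend Micro|Apex Central|2019|EXAMPLE-EVENT-ID|Engine Update Status Event|3|"
    "rt=Mar 16 2020 09:10:15 GMT+00:00 shost=ENDPOINT-01 "
    "cs2Label=Endpoint_IP cs2=10.0.0.5 cn1Label=Connection_Status cn1=1 "
    "cn2Label=Engine cn2=7 cn5Label=Engine_Version cs5=21.0.1 "
    "cn3Label=Engine_Status cn3=1 cs6Label=Component cs6=Engine "
    "deviceFacility=Apex One msg=Virus Scan Engine ApexCentralHost=APEXCENTRAL "
    "deviceNtDomain=corp.example dntdom=Workgroup\\\\Default"
)

# A key is a run of word characters directly followed by '='; an escaped '\=' never
# matches because the backslash is not a key character.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")


def _unescape(value):
    """Undo CEF escaping: \\| \\= \\\\ and \\n / \\r."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            nxt = value[i + 1]
            out.append({"n": "\n", "r": "\r"}.get(nxt, nxt))
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def _split_header(line):
    """Split the seven header fields on unescaped pipes; the rest is the extension."""
    parts, buf, i = [], [], 0
    while i < len(line) and len(parts) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            buf.append(line[i:i + 2])  # keep the escape, _unescape handles it
            i += 2
            continue
        if ch == "|":
            parts.append(_unescape("".join(buf)))
            buf = []
        else:
            buf.append(ch)
        i += 1
    return parts, line[i:]


def _parse_extension(ext):
    """Return the key=value pairs of the extension; values may contain spaces."""
    fields = {}
    matches = list(_KEY_RE.finditer(ext))
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        fields[m.group(1)] = _unescape(ext[m.end():end].strip())
    return fields


def _as_number(value):
    try:
        return int(value)
    except ValueError:
        return value  # leave non-numeric content untouched rather than drop it


def parse_engine_update_event(line):
    """Return (raw fields, label->value resolution, LogRhythm schema fields)."""
    header, ext = _split_header(line)
    if len(header) != 7 or not header[0].startswith("CEF:"):
        raise ValueError("not a well-formed CEF record")
    raw = dict(zip(HEADER_FIELDS, header))
    raw["logVer"] = raw["logVer"][len("CEF:"):]
    raw.update(_parse_extension(ext))

    # Join each *Label key to the custom field of the same name (cs2Label -> cs2).
    labeled = {}
    for key, value in raw.items():
        if key.endswith("Label") and key[:-len("Label")] in raw:
            labeled[value] = raw[key[:-len("Label")]]

    schema = {}
    for key, field in KEY_TO_SCHEMA.items():
        if key in raw:
            schema[field] = _as_number(raw[key]) if field in NUMERIC_FIELDS else raw[key]
    return raw, labeled, schema


if __name__ == "__main__":
    raw, labeled, schema = parse_engine_update_event(SAMPLE)
    print(schema)
    print(labeled)
```

Running the block prints the six schema fields and the resolved labels; `Engine_Version` is absent from the resolved labels because no `cn5` key exists in the record, which is the behaviour a parser built strictly from the table will show.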