Skip to main content
Skip table of contents

V 2.0 : Group Events

Vendor Documentation


Rule NameRule TypeCommon EventClassification
V 2.0 : Group EventsBase RuleGroup InformationInformation
V 2.0 : Group CreatedSub RuleGroup CreatedAccount Created
V 2.0 : Group DeletedSub RuleGroup DeletedAccount Deleted
V 2.0 : Group Creation FailedSub RuleFailed To Create GroupError
V 2.0 : Group UpdatedSub RuleGroup Attribute ModifiedAccount Modified

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
N/AN/AN/AVendor or manufacturer name.
N/AN/AN/AProduct name.
N/AN/AN/AProduct version.
objectid<object>NumberThe ID of the object.
auditrowidN/AN/AThe row ID from the database table.
detailsN/AN/AContains a description of the action.
creationtimeN/AN/AThe UTC timestamp of when the object was created.
modificationtimeN/AN/AThe UTC timestamp of the last time that the object was modified.
lastmodifiedbyN/AN/AThe name of the user who last modified the object.
modifieruseridN/AN/AThe unique ID of the user who last modified the object. If the ID is 0, this is a system-generated event.
Details for the user who last modified the object.
modpersonaN/AN/ADetails for the persona who last modified the object. This field is null if no persona was used.
typeN/AN/AThe type of action that generated the audit entry. Values include:
0 - Create
1 - Update
2 - Delete
objectname<group>Text/StringThe name of the object that was modified. 
objecttypenameN/AN/AThe type of audit entry.
typename<tag1>Text/StringThe type of action that initiated the audit entry, in string form. Values include:
  • CreateObject
  • DeleteObject
  • FailedCreateObject
  • UpdateObject
audittype<vendorinfo>Text/StringThe type of audit entry.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.