V 2.0 : Group Events

Vendor Documentation

Rule Name	Rule Type	Common Event	Classification
V 2.0 : Group Events	Base Rule	Group Information	Information
V 2.0 : Group Created	Sub Rule	Group Created	Account Created
V 2.0 : Group Deleted	Sub Rule	Group Deleted	Account Deleted
V 2.0 : Group Creation Failed	Sub Rule	Failed To Create Group	Error
V 2.0 : Group Updated	Sub Rule	Group Attribute Modified	Account Modified

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
N/A	N/A	N/A	Vendor or manufacturer name.
N/A	N/A	N/A	Product name.
N/A	N/A	N/A	Product version.
N/A	N/A	N/A	EventID.
objectid	<object>	Number	The ID of the object.
auditrowid	N/A	N/A	The row ID from the database table.
details	N/A	N/A	Contains a description of the action.
creationtime	N/A	N/A	The UTC timestamp of when the object was created.
modificationtime	N/A	N/A	The UTC timestamp of the last time that the object was modified.
lastmodifiedby	N/A	N/A	The name of the user who last modified the object.
modifieruserid	N/A	N/A	The unique ID of the user who last modified the object. If the ID is 0, this is a system-generated event.
moduser	<login> <domainorigin>	Text/String Text/String	Details for the user who last modified the object.
modpersona	N/A	N/A	Details for the persona who last modified the object. This field is null if no persona was used.
type	N/A	N/A	The type of action that generated the audit entry. Values include: 0 - Create 1 - Update 2 - Delete
objectname	<group>	Text/String	The name of the object that was modified.
objecttypename	N/A	N/A	The type of audit entry.
typename	<tag1>	Text/String	The type of action that initiated the audit entry, in string form. Values include: CreateObject DeleteObject FailedCreateObject UpdateObject
audittype	<vendorinfo>	Text/String	The type of audit entry.