V 2.0 : Identity Awareness Events
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Identity Awareness Events | Base Rule | General Information | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| virtuallogsource | N/A | N/A | N/A |
| subproduct | N/A | N/A | N/A |
| product | <vmid> | Text/String | Product name |
| Originip | N/A | N/A | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| Action | <action> | Text/String | N/A |
| SIP | <sip> | IP Address | Source IP |
| SPort | N/A | N/A | Source host port number |
| DIP | N/A | N/A | Destination IP |
| dport | N/A | N/A | N/A |
| protocol | N/A | N/A | Protocol detected on the connection |
| ifname | N/A | N/A | The name of the Security Gateway interface through which a connection traverses |
| ifdirection | N/A | N/A | N/A |
| reason | N/A | N/A | Information on the error that occurred |
| Rule | N/A | N/A | N/A |
| Info | N/A | N/A | N/A |
| XlateSIP | N/A | N/A | N/A |
| XlateSport | N/A | N/A | N/A |
| XlateDIP | N/A | N/A | N/A |
| XlateDPort | N/A | N/A | N/A |
| user | <login> | Text/String | Source user name |
| src_user_name | N/A | N/A | N/A |
| endpoint_ip | N/A | N/A | N/A |
| domain_name | <domainorigin> | Text/String | N/A |
| identity_src | N/A | N/A | N/A |
| Query_snid | <session> | Text/String | N/A |
| termination_reason | <reason> | Text/String | N/A |
| duration | <duration> | Number | N/A |
| identity_type | N/A | N/A | N/A |
| description | <vendorinfo> | Text/String | N/A |
| auth_status | <status> | Text/String | N/A |
| auth_method | N/A | N/A | N/A |
| src_user_group | <group> | Text/String | N/A |
| src_machine_group | N/A | N/A | N/A |
| src_machine_name | <sname> | Text/String | N/A |
| PolicyName | N/A | N/A | N/A |
| client_name | N/A | N/A | N/A |
| client_ip_host | N/A | N/A | N/A |
| time | N/A | N/A | The time stamp when the log was created |
| alert | N/A | N/A | N/A |
| flags | N/A | N/A | N/A |
| logid | N/A | N/A | N/A |
| loguid | N/A | N/A | UUID of unified logs |
| originsicname | N/A | N/A | Machine SIC |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
| version | N/A | N/A | N/A |
| authentication_trial | N/A | N/A | N/A |
| browser | N/A | N/A | N/A |
| client_build | N/A | N/A | N/A |
| client_version | N/A | N/A | N/A |
| device_identification | N/A | N/A | N/A |
| host_type | N/A | N/A | N/A |
| lastupdatetime | N/A | N/A | N/A |
| latitude | N/A | N/A | N/A |
| longitude | N/A | N/A | N/A |
| macsourceaddress | N/A | N/A | N/A |
| os_bits | N/A | N/A | N/A |
| os_build | N/A | N/A | N/A |
| os_edition | N/A | N/A | N/A |
| os_name | N/A | N/A | N/A |
| os_service_pack | N/A | N/A | N/A |
| os_version | N/A | N/A | N/A |
| roles | N/A | N/A | N/A |