V 2.0 Internal MDM Event
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
V 2.0 Internal MDM Event | Base Rule | General MDM Information | Information |
V 2.0 EVID 89050 Administrative Action Submitted | Sub Rule | General Administrative Operation | Information |
V 2.0 EVID 89051 Administrative Action Delivered | Sub Rule | General Administrative Operation | Information |
V 2.0 EVID 89052 Administrative Action Failed | Sub Rule | Action Failure | Error |
V 2.0 EVID 89100 Device Enrollment Initiated | Sub Rule | General Information Log Message | Information |
V 2.0 EVID 89101 Device Enrollment Failed | Sub Rule | Device Initialization Failed | Critical |
V 2.0 EVID 89102 Device Enrolled Successfully | Sub Rule | Successful Activity | Other Audit Success |
V 2.0 EVID 89103 Device Deregistered | Sub Rule | Device Unregistered | Warning |
V 2.0 EVID 89104 Device Service Initialized | Sub Rule | General Information Log Message | Information |
V 2.0 EVID 89105 Device Svc Initialization Fail | Sub Rule | General Failed Activity | Failed Activity |
V 2.0 EVID 89106 Device Service Stopped | Sub Rule | Process/Service Stopped | Startup and Shutdown |
V 2.0 EVID 89107 Unable To Send Notifications | Sub Rule | General Notification | Information |
V 2.0 EVID 89108 APNS Certificate Expired | Sub Rule | Certificate Expired | Warning |
V 2.0 EVID 89109 Endpoint Certificate Expire | Sub Rule | Certificate Expired | Warning |
V 2.0 EVID 89110 Dev Check Not Auth. Expired Cert | Sub Rule | Certificate Expired | Warning |
V 2.0 EVID 89111 Device Check Authorized | Sub Rule | General Information Log Message | Information |
V 2.0 EVID 89112 Certificate Renewed | Sub Rule | Certificate Renewal Request | Activity |
V 2.0 EVID 89113 Inactive Device Detected | Sub Rule | General Information Log Message | Information |
V 2.0 EVID 89114 GeoLocation Coordinates Receive | Sub Rule | General Information Log Message | Information |
V 2.0 EVID 89115 Profile Installed | Sub Rule | General Information Log Message | Information |
V 2.0 EVID 89116 Profile Removed | Sub Rule | General Information Log Message | Information |
V 2.0 EVID 89117 Application Installed | Sub Rule | General Application Information | Information |
V 2.0 EVID 89118 Application Removed | Sub Rule | General Application Information | Information |
V 2.0 EVID 89119 Device Reassessment Failed | Sub Rule | General Failed Activity | Failed Activity |
V 2.0 EVID 89132 Endpoint Cert Going To Expired | Sub Rule | General Endpoint Message | Information |
V 2.0 EVID 89133 Endpoint Certificate Expired | Sub Rule | General Endpoint Message | Information |
V 2.0 EVID 89142 Provisioning Operation Failed | Sub Rule | Provisioning Failed | Warning |
V 2.0 EVID 89143 Device Updated | Sub Rule | General Information Log Message | Information |
V 2.0 EVID 89144 Certificate Renewal Failed | Sub Rule | General Failed Activity | Failed Activity |
V 2.0 EVID 89149 Device Compliant | Sub Rule | General Information Log Message | Information |
V 2.0 EVID 89150 Device Not Compliant | Sub Rule | General Information Log Message | Information |
V 2.0 EVID 89151 Cert Issued Can Be Revoked | Sub Rule | Revoke Certificate Request | Activity |
V 2.0 EVID 89152 Mob Dev Unenrollment Initiated | Sub Rule | General Information Log Message | Information |
V 2.0 EVID 89153 Cert Missing For Notifification | Sub Rule | General Information Log Message | Information |
V 2.0 EVID 89154 Invalid Token TO Apple VPP | Sub Rule | General Information Log Message | Information |
V 2.0 EVID 89155 Access Failed To Apple VPP | Sub Rule | Access Object Failure | Access Failure |
V 2.0 EVID 89156 CMCS Server Unreachable | Sub Rule | Destination Unreachable | Error |
V 2.0 EVID 89157 CMCS Authentication Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
V 2.0 EVID 89158 APNS Server Unreachable | Sub Rule | Destination Unreachable | Error |
V 2.0 EVID 89159 APNS Authentication Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
V 2.0 EVID 89160 MDM User Auth Completed | Sub Rule | Authentication Complete | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
pri_num | N/A | N/A | Priority value of the message, a combination of the facility value and the severity value of the message. Priority value = (facility value * 8) + severity value. The facility code valid options are: LOCAL0 (Code = 16), LOCAL1 (Code = 17), LOCAL2 (Code = 18), LOCAL3 (Code = 19), LOCAL4 (Code = 20), LOCAL5 (Code = 21), LOCAL6 (Code = 22; default), LOCAL7 (Code = 23). |
time | N/A | N/A | Date of the message generation, according to the local clock of the originating Cisco ISE server, in the format Mmm DD hh:mm:ss. |
IP address/hostname | N/A | N/A | IP address of the originating Cisco ISE node, or the hostname. |
cat_name | <vendorinfo> | Text/String | Logging category name preceded by the CSCOxxx string. |
msg_id | N/A | N/A | Unique message ID; 1 to 4294967295. The message ID increases by 1 with each new message. Message IDs restart at 1 each time the application is restarted. |
total_seg | N/A | N/A | Total number of segments in a log message. Long messages are divided into more than one segment. Note: The total_seg depends on the Maximum Length setting in the remote logging targets page. See Remote Logging Target Settings. |
seg_num | N/A | N/A | Segment sequence number within a message. Use this number to determine what segment of the message you are viewing. |
timestamp | N/A | N/A | Date of the message generation, according to the local clock of the originating Cisco ISE node, in the following format: YYYY-MM-DD hh:mm:ss:xxx +/-zh:zm. |
sequence_num | N/A | N/A | Global counter of each message. If one message is sent to the local store and the next to the syslog server target, the counter increments by 2. Possible values are 0000000001 to 999999999. |
msg_code | <vmid> <tag1> | Number | Message code as defined in the logging categories. |
msg_sev | <severity> | Text/String | Message severity level of a log message. |
msg_class | <subject> | Text/String | Message class, which identifies groups of messages with the same context. |
msg_text | <action> | Text/String | English language descriptive text message. |
key1 | N/A | N/A | N/A |
key2 | N/A | N/A | N/A |
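
The following is an added example, not vendor or LogRhythm code: it decodes pri_num with the formula above and reassembles segmented messages using msg_id, total_seg and seg_num before extracting msg_code. Assumptions: fields appear in the table's order separated by single spaces, seg_num counts from 0, msg_class ends with a colon, and the sample lines (including the host and category names) are constructed.

```python
import re
from collections import defaultdict

# Assumed layout: table order, single-space separators, seg_num starting at 0.
HEADER = re.compile(
    r"<(?P<pri_num>\d{1,3})>(?P<time>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<cat_name>\S+) (?P<msg_id>\d+) "
    r"(?P<total_seg>\d+) (?P<seg_num>\d+) (?P<rest>.*)", re.S)
BODY = re.compile(  # fields carried once per message, at the start of segment 0
    r"(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[.:]\d{3} [+-]\d{2}:\d{2}) "
    r"(?P<sequence_num>\d+) (?P<msg_code>\d+) (?P<msg_sev>\S+) "
    r"(?P<msg_class>[^:]+): (?P<msg_text>.*)", re.S)

def decode_pri(pri_num):
    """Invert priority = facility * 8 + severity; only LOCAL0-LOCAL7 are valid."""
    facility, severity = divmod(pri_num, 8)
    if not 16 <= facility <= 23:
        raise ValueError(f"facility {facility} is not LOCAL0-LOCAL7")
    return f"LOCAL{facility - 16}", severity

def reassemble(lines):
    """Group segments by (host, msg_id); return (events, incomplete_keys)."""
    parts = defaultdict(dict)
    for line in lines:
        m = HEADER.match(line)
        if m:  # msg_id restarts at 1 on application restart, so key on host too
            parts[(m["host"], int(m["msg_id"]))][int(m["seg_num"])] = m
    events, incomplete = [], []
    for key, segs in parts.items():
        total = int(next(iter(segs.values()))["total_seg"])
        body = BODY.match("".join(segs[i]["rest"] for i in range(total) if i in segs))
        if sorted(segs) != list(range(total)) or body is None:
            incomplete.append(key)  # missing segment: never emit a partial event
            continue
        facility, severity = decode_pri(int(segs[0]["pri_num"]))
        events.append({"host": key[0], "msg_id": key[1], "facility": facility,
                       "syslog_severity": severity, **body.groupdict(),
                       "msg_code": int(body["msg_code"])})
    return events, incomplete

# Constructed sample lines (not real ISE output); segments arrive out of order.
SAMPLE = [
    "<179>Mar 04 10:15:02 ise-node1 CSCOxxx_MDM 0000000042 2 1 -A1B2, reason=constructed",
    "<179>Mar 04 10:15:02 ise-node1 CSCOxxx_MDM 0000000042 2 0 2024-03-04 10:15:02.118 "
    "+00:00 0000001234 89101 ERROR MDM: Device enrollment failed, DeviceId=EXAMPLE",
    "<182>Mar 04 10:15:09 ise-node1 CSCOxxx_MDM 0000000043 2 0 2024-03-04 10:15:09.410 "
    "+00:00 0000001235 89102 INFO MDM: Device enrolled",
]

if __name__ == "__main__":
    print(reassemble(SAMPLE))
```

Messages listed in the second return value had a segment missing or an unparseable body; tracking them matters because a truncated message can hide the msg_code that the sub rules above match on.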