V 2.0 : Managed Product Logon/Logoff Events
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
---|---|---|---|
V 2.0 : Managed Product Logon/Logoff Events | Base Rule | Other Audit | General Authentication Event |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
Header (logVer) | N/A | N/A | CEF format version |
Header (vendor) | N/A | N/A | Appliance vendor |
Header (pname) | N/A | N/A | Appliance product |
Header (pver) | N/A | N/A | Appliance version |
Header (eventid) | N/A | N/A | Event ID |
Header (eventName) | <vmid> | Text/String | Log name |
Header (severity) | <severity> | Number | Severity |
deviceExternalId | N/A | N/A | ID |
shost | <dname> | Text/String/Number | Product server name |
deviceFacility | N/A | N/A | Product name |
cs1Label | N/A | N/A | Corresponding label for the "cs1" field |
cs1 | <version> | Number | Product version |
cn1Label | N/A | N/A | Corresponding label for the "cn1" field |
cn1 | <status> | Number | Command status |
msg | <subject> <login> <sip> | Text/String/Number | Detailed event information |