Vendor Documentation
Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| V 2.0 : Managed Product Logon/Logoff Events | Base Rule | Other Audit | General Authentication Event |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Header (logVer) | N/A | N/A | CEF format version |
| Header (vendor) | N/A | N/A | Appliance vendor |
| Header (pname) | N/A | N/A | Appliance product |
| Header (pver) | N/A | N/A | Appliance version |
| Header (eventid) | N/A | N/A | Event ID |
| Header (eventName) | <vmid> | Text/String | Log name |
| Header (severity) | <severity> | Number | Severity |
| deviceExternalId | N/A | N/A | ID |
| shost | <dname> | Text/String/Number | Product server name |
| deviceFacility | N/A | N/A | Product name |
| cs1Label | N/A | N/A | Corresponding label for the "cs1" field |
| cs1 | <version> | Number | Product version |
| cn1Label | N/A | N/A | Corresponding label for the "cn1" field |
| cn1 | <status> | Number | Command status |
| msg | <subject> | Text/String/Number | Detailed event information |