V 2.0 : Managed Product Logon/Logoff Events
Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| V 2.0 : Managed Product Logon/Logoff Events | Base Rule | Other Audit | General Authentication Event |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Header (logVer) | N/A | N/A | CEF format version |
| Header (vendor) | N/A | N/A | Appliance vendor |
| Header (pname) | N/A | N/A | Appliance product |
| Header (pver) | N/A | N/A | Appliance version |
| Header (eventid) | N/A | N/A | Event ID |
| Header (eventName) | <vmid> | Text/String | Log name |
| Header (severity) | <severity> | Number | Severity |
| deviceExternalId | N/A | N/A | ID |
| shost | <dname> | Text/String/Number | Product server name |
| deviceFacility | N/A | N/A | Product name |
| cs1Label | N/A | N/A | Corresponding label for the "cs1" field |
| cs1 | <version> | Number | Product version |
| cn1Label | N/A | N/A | Corresponding label for the "cn1" field |
| cn1 | <status> | Number | Command status |
| msg | <subject> <login> <sip> | Text/String/Number | Detailed event information |