V 2.0 MDM Diagnostics Event

https://www.cisco.com/c/en/us/td/docs/security/ise/syslog/Cisco_ISE_Syslogs/m_SyslogsList.html

Rule Name	Rule Type	Common Event	Classification
V 2.0 MDM Diagnostics Event	Base Rule	General MDM Information	Information
V 2.0 EVID 89200 Invalid Payload Encountered	Sub Rule	Invalid Payload	Warning
V 2.0 EVID 89201 Invalid Session Encountered	Sub Rule	Session Invalidated	Warning
V 2.0 EVID 89202 Authentication Failure	Sub Rule	Authentication Failure Activity	Authentication Failure
V 2.0 EVID 89203 Authorization Failure	Sub Rule	Authorization Failed	Warning
V 2.0 EVID 89204 Auth Failure, User Interv. Req.	Sub Rule	Authorization Failed	Warning
V 2.0 EVID 89205 Internal Err While Handling MDE	Sub Rule	An Internal Error Has Occurred	Error
V 2.0 EVID :89206 Mobile Device Enrollment Expired	Sub Rule	General Audit Message	Other Audit
V 2.0 EVID 89207 Unsupported Mobile Device	Sub Rule	General Error Information	Error
V 2.0 EVID 89208 Authentication Attempt Exceeded	Sub Rule	Unsuccessful Activity	Other Audit Failure
V 2.0 EVID 89209 Mob. Dev. Enrollment Req Failed	Sub Rule	Failed To Complete Request	Error
V 2.0 EVID 89210 Mob. Dev. Enrollment Req Failed	Sub Rule	Failed To Complete Request	Error
V 2.0 EVID 89211 Invalid Payload Encountered	Sub Rule	Invalid Payload	Warning
V 2.0 EVID 89212 Unsupported Mobile Device	Sub Rule	General Error Information	Error
V 2.0 EVID 89213 Profile Signing Failed	Sub Rule	Profile Configuration Failure	Error
V 2.0 EVID 89214 Profile Encryption Failed	Sub Rule	Unsuccessful Activity	Other Audit Failure
V 2.0 EVID 89215 Invalid Payload Encountered	Sub Rule	Invalid Payload	Warning
V 2.0 EVID 89216 Auth. Failure Encountered	Sub Rule	Authorization Failed	Warning
V 2.0 EVID 89217 Int Err During Profile Prov Req	Sub Rule	An Internal Error Has Occurred	Error
V 2.0 EVID 89218 Profile Signing Failed	Sub Rule	Profile Configuration Failure	Error
V 2.0 EVID 89219 Application Request Timed Out	Sub Rule	Connect Request Timed Out	Other Operations
V 2.0 EVID 89220 Int Err During Application Req	Sub Rule	An Internal Error Has Occurred	Error
V 2.0 EVID 89221 Request Timed Out	Sub Rule	Connect Request Timed Out	Other Operations
V 2.0 EVID 89222 Token Resets Exceeded	Sub Rule	General Audit Message	Other Audit
V 2.0 EVID 89223 Send Token Failed	Sub Rule	Failed Configuration	Other Audit Failure
V 2.0 EVID 89224 Token Configurations Incomplete	Sub Rule	Token Error	Error

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
pri_num	N/A	N/A	Priority value of the message, a combination of the facility value and the severity value of the message. Priority value = (facility value * 8) + severity value. The facility code valid options are: LOCAL0 (Code = 16) LOCAL1 (Code = 17) LOCAL2 (Code = 18) LOCAL3 (Code = 19) LOCAL4 (Code = 20) LOCAL5 (Code = 21) LOCAL6 (Code = 22; default) LOCAL7 (Code = 23)
time	N/A	N/A	Date of the message generation, according to the local clock of the originating Cisco ISE server, in the format Mmm DD hh:mm:ss.
IP address/hostname	N/A	N/A	IP address of the originating Cisco ISE node, or the hostname.
cat_name	<vendorinfo>	Text/String	Logging category name preceded by the CSCOxxx string.
msg_id	N/A	N/A	Unique message ID; 1 to 4294967295. The message ID increases by 1 with each new message. Message IDs restart at 1 each time the application is restarted.
total_seg	N/A	N/A	Total number of segments in a log message. Long messages are divided into more than one segment. Note : The total_seg depends on the Maximum Length setting in the remote logging targets page. See Remote Logging Target Settings.
seg_num	N/A	N/A	Segment sequence number within a message. Use this number to determine what segment of the message you are viewing.
timestamp	N/A	N/A	Date of the message generation, according to the local clock of the originating the Cisco ISE node, in the following format : YYYY-MM-DD hh:mm:ss:xxx +/-zh:zm.
sequence_num	N/A	N/A	Global counter of each message. If one message is sent to the local store and the next to the syslog server target, the counter increments by 2. Possible values are 0000000001 to 999999999.
msg_code	<vmid> <tag1>	Number	Message code as defined in the logging categories.
msg_sev	<severity>	Text/String	Message severity level of a log message.
msg_class	<subject>	Text/String	Message class, which identifies groups of messages with the same context.
msg_text	<action>	Text/String	English language descriptive text message.
Key1	N/A	N/A	N/A
Key2	N/A	N/A	N/A

Vendor Documentation

Classification

Mapping with LogRhythm Schema