V 2.0 : Pattern Update Status Event
Vendor Documentation
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| V 2.0 : Pattern Update Status Event | Base Rule | Information | General Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Header (logVer) | N/A | N/A | CEF format version |
| Header (vendor) | N/A | N/A | Product vendor |
| Header (pname) | N/A | N/A | Product name |
| Header (pver) | N/A | N/A | Product version |
| Header (eventid) | N/A | N/A | Event ID |
| Header (eventName) | <vmid> | Text/String | Log name |
| Header (severity) | <severity> | Number | Severity |
| rt | N/A | N/A | Log generation time in UTC |
| shost | <dname> | Text/String/Number | Product Entity/Endpoint |
| cs1Label | N/A | N/A | Corresponding label for the "cs1" field |
| cs1 | N/A | N/A | Operating system |
| cs2Label | N/A | N/A | Corresponding label for the "cs2" field |
| cs2 | <dip> | IP Address | Product/Endpoint IP |
| cs3Label | N/A | N/A | Corresponding label for the "cs3" field |
| cs3 | N/A | N/A | Update Agent |
| cs4Label | N/A | N/A | Corresponding label for the "cs4" field |
| cs4 | N/A | N/A | Domain |
| cn1Label | N/A | N/A | Corresponding label for the "cn1" field |
| cn1 | <status> | Number | 0: Unable to connect 1: Active 2: Inactive 100: Product active 101: Product inactive but agent is active 102: Roaming |
| cn2Label | N/A | N/A | Corresponding label for the "cn2" field |
| cn2 | N/A | N/A | Pattern/Rule |
| cs5Label | N/A | N/A | Corresponding label for the "cs5" field |
| cs5 | N/A | N/A | Pattern/Rule version |
| cn3Label | N/A | N/A | Corresponding label for the "cn3" field |
| cn3 | N/A | N/A | 0: Up-to-date 1: 1 version old 2: 2 versions old 3: 3 versions old 4: 4 versions old 5: 5 versions old 6: 6 versions old 7: 7 or more versions old |
| cs6Label | N/A | N/A | Corresponding label for the "cs6" field |
| cs6 | N/A | N/A | 2: Pattern |
| deviceFacility | N/A | N/A | Managed product name |
| msg | N/A | N/A | Pattern type display name |
| ApexCentralHost | N/A | N/A | Apex Central host name |
| deviceNtDomain | N/A | N/A | Active Directory domain |
| dntdom | N/A | N/A | Apex One domain hierarchy |