Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| V 2.0 : Product Auditing Event | Base Rule | Other Audit | General Auditing Message |
| V 2.0 : Product Auditing : Error | Sub Rule | Error | General Error Message |
| V 2.0 : Product Auditing : Warning | Sub Rule | Warning | General Warning Log Message |
| V 2.0 : Product Auditing : Information | Sub Rule | Information | General Information Log Message |
| V 2.0 : Product Auditing : Failure Audit | Sub Rule | Failure Audit | Auditing Failed |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Header (logVer) | N/A | N/A | CEF format version |
| Header (vendor) | <vendorinfo> | Text/string | Product vendor |
| Header (pname) | N/A | N/A | Product name |
| Header (pver) | N/A | N/A | Product version |
| Header (eventid) | N/A | N/A | Event ID |
| Header (eventName) | <vmid> | Text/string | Log name |
| Header (severity) | N/A | N/A | Severity |
| cat | N/A | N/A | Log type |
| deviceFacility | N/A | N/A | Managed product |
| dvchost | N/A | N/A | Display name of the managed endpoint |
| rt | N/A | N/A | Log generation time in UTC |
| cn1Label | N/A | N/A | Corresponding label for the "cn1" field |
| cn1 | N/A | N/A | Category ID. Example: "536,870,912" |
| cn2Label | N/A | N/A | Corresponding label for the "cn2" field |
| cn2 | <severity> <tag1> | Number | Severity level |
| suser | <login> | Text/string | The name of the user on whose behalf the event occurred |
| deviceNtDomain | N/A | N/A | Active Directory domain |
| dntdom | N/A | N/A | Apex One domain hierarchy |
| ApexCentralHost | N/A | N/A | Apex Central host name |
| devicePayloadId | N/A | N/A | Unique message GUID |
| act | <action> | Text/string | Action |
| src | <sip> | Number/IP address | Source IP |
| dst | <dip> | Number/IP address | Destination IP |
| smac | <smac> | Text/string | Source MAC |
| spt | <sport> | Number | Source Port |
| dmac | <dmac> | Text/string | Destination MAC |
| dpt | <dport> | Number | Destination Port |
| deviceDirection | N/A | N/A | Direction |
| cn3Label | N/A | N/A | N/A |
| cn3 | N/A | N/A | N/A |
| cn4Label | N/A | N/A | N/A |
| cn4 | N/A | N/A | N/A |
| proto | <protnum> | Number | N/A |
| cs2Label | N/A | N/A | N/A |
| cs2 | N/A | N/A | N/A |
| cs1Label | N/A | N/A | N/A |
| cs1 | N/A | N/A | N/A |
| cnt | N/A | N/A | N/A |
| cn2Label | N/A | N/A | N/A |