V 2.0 : Question Mgmt Events

Vendor Documentation

Rule Name	Rule Type	Common Event	Classification
V 2.0 : Question Mgmt Events	Base Rule	General Audit	Other Audit Success
V 2.0 : Question Created	Sub Rule	Object Created	Access Success
V 2.0 : Question Deleted	Sub Rule	Object Deleted/Removed	Access Success
V 2.0 : Question Creation Failed	Sub Rule	Object Update Failed	Error
V 2.0 : Question Updated	Sub Rule	Object Modified	Access Success

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
N/A	N/A	N/A	Vendor or manufacturer name.
N/A	N/A	N/A	Product name.
N/A	N/A	N/A	Product version.
N/A	N/A	N/A	EventID.
objectid	<object>	Number	The ID of the object.
auditrowid	N/A	N/A	The row ID from the database table.
details	N/A	N/A	Contains a description of the action.
creationtime	N/A	N/A	The UTC timestamp of when the object was created.
modificationtime	N/A	N/A	The UTC timestamp of the last time that the object was modified.
lastmodifiedby	N/A	N/A	The name of the user who last modified the object.
modifieruserid	N/A	N/A	The unique ID of the user who last modified the object. If the ID is 0, this is a system-generated event.
moduser	<login> <domainorigin>	Text/String Text/String	Details for the user who last modified the object.
modpersona	N/A	N/A	Details for the persona who last modified the object. This field is null if no persona was used.
type	N/A	N/A	The type of action that generated the audit entry. Values include: 0 - Create 1 - Update 2 - Delete
objectname	<objectname>	Text/String	The name of the object that was modified.
objecttypename	N/A	N/A	The type of audit entry.
typename	<tag1>	Text/String	The type of action that initiated the audit entry, in string form. Values include: CreateObject DeleteObject FailedCreateObject UpdateObject
audittype	<vendorinfo>	Text/String	The type of audit entry.