V 2.0 : SEP Administrative Events

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : SEP Administrative Events | Base Rule | General Administrative Operation | Information |
| V 2.0 : SEP Admin Logon Succeeded | Sub Rule | User Logon | Authentication Success |
| V 2.0 : SEP Admin Logged Out | Sub Rule | User Logoff | Authentication Success |
| V 2.0 : SEP Admin Logon Failed | Sub Rule | User Logon Failure | Authentication Failure |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Time Stamp | N/A | N/A |
| Severity | <severity> | Text/String |
| Site Name | N/A | Text/String |
| Server Name | <dname> | Text/String |
| Domain Name | N/A | Text/String |
| Admin Name | <login> | Text/String |
| Event Description | <subject>, <tag1> | Text/String |