V 2.0 : SEP Administrative Events
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : SEP Administrative Events | Base Rule | General Administrative Operation | Information |
| V 2.0 : SEP Admin Logon Succeeded | Sub Rule | User Logon | Authentication Success |
| V 2.0 : SEP Admin Logged Out | Sub Rule | User Logoff | Authentication Success |
| V 2.0 : SEP Admin Logon Failed | Sub Rule | User Logon Failure | Authentication Failure |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Time Stamp | N/A | N/A |
| Severity | <severity> | Text/String |
| Site Name | N/A | Text/String |
| Server Name | <dname> | Text/String |
| Domain Name | N/A | Text/String |
| Admin Name | <login> | Text/String |
| Event Description | <subject> <tag1> | Text/String |