V 2.0 : SEP General Object Access Message 1
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : SEP Device Information Message | Sub Rule | General Information | Information |
| V 2.0 : SEP General Object Access Message | Base Rule | General Information | Information |
| V 2.0 : SEP File Transfer To Removable Media Allow | Sub Rule | File Transfer Complete | Other Audit Success |
| V 2.0 : SEP Object Access Allowed | Sub Rule | Object Accessed | Access Success |
| V 2.0 : SEP File Transfer To Removable Media Block | Sub Rule | File Transfer Blocked | Other Audit Failure |
| V 2.0 : SEP File Read Allowed | Sub Rule | Object Read | Access Success |
| V 2.0 : SEP Process Creation Allowed | Sub Rule | Rule Allowed | Other Audit Success |
| V 2.0 : SEP File Read Blocked | Sub Rule | Read Object Failure | Access Failure |
| V 2.0 : SEP Object Access Blocked | Sub Rule | Access Object Failure | Access Failure |
| V 2.0 : SEP Process Creation Blocked | Sub Rule | Process Blocked | Failed Activity |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Event Time | N/A | N/A |
| Severity | N/A | N/A |
| Host Name | <sname> | Text/String |
| IP Address | <sip> | Number |
| Action Description | <action> <tag1> | Text/String |
| Event Description | <subject> | Text/String |
| API Name | <command> <tag2> | Text/String |
| Begin Time | N/A | N/A |
| End Time | N/A | N/A |
| Security Rule Name | <policy> | Text/String |
| Caller Process ID | <processid> | Number |
| Caller Process Name | <process> | Text/String |
| Caller Return Address | N/A | N/A |
| Caller Return Module Name | N/A | N/A |
| Parameters | <object> | Text/String |
| User Name | <login> | Text/String |
| Domain Name | <domainorigin> | Text/String |
| Action Type | N/A | N/A |
| File Size | <size> | Number |
| Device ID | <objecttype> | Text/String |