V 2.0 : SEP Policy Information
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.

Log Field | LogRhythm Default | LogRhythm Default v2.0 |
---|---|---|
N/A | <severity> | <severity> |
N/A | <dname> | N/A |
Server | <sname> | <dname> |
Domain | <domain> | N/A |
Admin | <account> | <login> |
Event Description | <subject> | <subject> |
Policy has been | <tag1> | <tag1> |
N/A | <policy> | <policy> |
N/A | <object> | <subject> |

Regex ID | Rule Name | Rule Type | Common Events | Classifications |
---|---|---|---|---|
1000411 | Policy Information | Base Rule | General POLICY Information | Information |

| Regex ID | Rule Name | Rule Type | Common Events | Classifications |
|---|---|---|---|---|
| 1011175 | V 2.0 : SEP Policy Information | Base Rule | General POLICY Information | Information |
| | V 2.0 : SEP Policy Modified | Sub Rule | Policy Modified : System | Policy |
| | V 2.0 : SEP Policy Deleted | Sub Rule | Policy Disabled : System | Policy |
| | V 2.0 : SEP Policy Created | Sub Rule | Policy Created : System | Policy |