V 2.0 : SEP Update Information
Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| N/A | <severity> | <dname> |
| N/A | <tag1> | <subject> |
| N/A | <object> | <object> |
| N/A | <objectname> | <tag1> |
| N/A | <amount> | N/A |
| N/A | <process> | N/A |
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
| Regex ID | Rule Name | Rule Type | Common Events | Classifications |
|---|---|---|---|---|
| 1001596 | Miscellaneous Messages | Base Rule | General Information | Information |
| Auto-Protect Failed To Load | Sub Rule | Access Object Failure | Access Failure | |
| Process Cannot Lock Process Status Table | Sub Rule | Lock Notice | Information | |
| Computer Has Been Moved | Sub Rule | Device Might Have Been Removed | Information | |
| LiveUpdate Succeeded | Sub Rule | Update Complete | Information | |
| LiveUpdate Started | Sub Rule | Update Running | Information | |
| Update Successful | Sub Rule | Update Complete | Information | |
| Organization Importing Finished Successfully | Sub Rule | Import Process Complete | Information | |
| Organization Importing Started | Sub Rule | Process/Service Started | Startup and Shutdown | |
| Database Maintenance Started | Sub Rule | Process/Service Started | Startup and Shutdown | |
| Database Maintenance Finished | Sub Rule | Database Maintenance | Information | |
| One Or More Problems With Entries In LDAP | Sub Rule | LDAP Error | Error | |
| Object Is Up-To-Date | Sub Rule | Updater Message | Information | |
| Risk Events Compressed | Sub Rule | General Event Log Information | Information |
LogRhythm Default v2.0
| Regex ID | Rule Name | Rule Type | Common Events | Classifications |
|---|---|---|---|---|
| 1011182 | V 2.0 : SEP Update Information | Base Rule | Update Server Information | Information |
| V 2.0 : SEPM Component No Updates Found | Sub Rule | Update Not Needed | Information | |
| V 2.0 : SEPM Component Unable To Update | Sub Rule | Update Failed | Error | |
| V 2.0 : SEPM Component Update Successful | Sub Rule | Update Successful | Information | |
| V 2.0 : SEPM Component Up To Date | Sub Rule | Update Not Needed | Information | |
| V 2.0 : SEPM Component Update Failed | Sub Rule | Update Failed | Error |