V 2.0 : SmartConsole Events

Vendor Documentation

Rule Name	Rule Type	Common Event	Classification
V 2.0 : SmartConsole Events	Base Rule	General Information	Information

Device Key in Log Message	LogRhythm Schema	Data Type	Schema Description
Product	<vmid>	Text/String	Product name
Originip	<dip>	IP Address	IP of the log origin
origin	<dname>	Text/String	Name of the first Security Gateway that reported this event
Operation	<action> <tag1>	Text/String	N/A
subject	<vendorinfo>	Text/String	Audit log category
status	N/A	N/A	OK/Warning/Error
administrator	<login>	Text/String	User who performed the operation
client	N/A	N/A	N/A
performedon	N/A	N/A	The name of the object that is affected by the action
objecttable	N/A	N/A	N/A
objecttype	N/A	N/A	The type of the affected object
generalinformation	N/A	N/A	N/A
Action	N/A	N/A	N/A
ifdirection	N/A	N/A	Connection direction
ifname	N/A	N/A	The name of the Security Gateway interface through which a connection traverses
session_id	N/A	N/A	N/A
alert	N/A	N/A	Alert level of matched rule (for connection logs)
client_ip_host	<sip>	IP Address	IP address of the client machine from which the change was performed
flags	N/A	N/A	Checkpoint internal field
loguid	N/A	N/A	UUID of unified logs
orginsicname	N/A	N/A	Machine SIC
sequencenum	N/A	N/A	Number added to order logs with the same Linux timestamp and origin
version	N/A	N/A	N/A
admin_level	N/A	N/A	N/A
cma_name	N/A	N/A	N/A
customer_name	N/A	N/A	N/A
fieldschanges	N/A	N/A	Specific changes done on the affected object
sendtotrackerasadvancedauditlog	N/A	N/A	N/A
session_description	N/A	N/A	N/A
session_name	N/A	N/A	N/A
session_uid	N/A	N/A	N/A
mds_name	N/A	N/A	N/A
operation_number	N/A	N/A	Operation number done by the administrator, with each operation represented by a number
uid	N/A	N/A	N/A