Vendor Documentation
Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Tanium Discover Events | Base Rule | General Information | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | N/A | Vendor or Manufacturer Name |
| N/A | N/A | N/A | Product Name |
| N/A | N/A | N/A | Product Version |
| N/A | <vmid> | Text/String | EventID |
| id | N/A | N/A | N/A |
| MacAddress | N/A | N/A | N/A |
| MacOrganization | <smac> | Text/String | N/A |
| LocallyAdministeredMacAddress | N/A | N/A | N/A |
| IpAddress | <sip> | IP Address | N/A |
| NatIpAddress | <snatip> | IP Address | N/A |
| HostName | <sname> | Text/String | N/A |
| Labels | N/A | N/A | N/A |
| Locations | N/A | N/A | N/A |
| TaniumComputerId | N/A | N/A | N/A |
| Ports | N/A | N/A | N/A |
| Os | <object> | Text/String | N/A |
| OsGeneration | N/A | N/A | N/A |
| Managed | N/A | N/A | N/A |
| Unmanageable | N/A | N/A | N/A |
| Arp | N/A | N/A | N/A |
| Nmap | N/A | N/A | N/A |
| Ping | N/A | N/A | N/A |
| Connected | N/A | N/A | N/A |
| AwsApi | N/A | N/A | N/A |
| CentralizedNmap | N/A | N/A | N/A |
| SatelliteNmap | N/A | N/A | N/A |
| NDP | N/A | N/A | N/A |
| CreatedAt | N/A | N/A | N/A |
| UpdatedAt | N/A | N/A | N/A |
| FirstManagedAt | N/A | N/A | N/A |
| LastManagedAt | N/A | N/A | N/A |
| LastDiscoveredAt | N/A | N/A | N/A |
| Profile | N/A | N/A | N/A |
| InstanceId | N/A | N/A | N/A |
| ImageId | N/A | N/A | N/A |
| InstanceType | N/A | N/A | N/A |
| InstanceState | N/A | N/A | N/A |
| LaunchTime | N/A | N/A | N/A |
| Zone | N/A | N/A | N/A |
| Provider | N/A | N/A | N/A |
| VirtualNetworkId | N/A | N/A | N/A |
| OwnerId | N/A | N/A | N/A |
| SatelliteDecId | N/A | N/A | N/A |
| SatelliteName | N/A | N/A | N/A |