Vendor Documentation
Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|---|---|---|---|
|
V 2.0 : User Group Mgmt Events |
Base Rule |
General Audit |
Other Audit Success |
|
V 2.0 : Group Created |
Sub Rule |
Group Created |
Account Created |
|
V 2.0 : Group Deleted |
Sub Rule |
Group Deleted |
Account Deleted |
|
V 2.0 : Group Creation Failed |
Sub Rule |
Failed To Create Group |
Error |
|
V 2.0 : Group Updated |
Sub Rule |
Group Attribute Modified |
Account Modified |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
Schema Description |
|---|---|---|---|
|
N/A |
N/A |
N/A |
Vendor or manufacturer name. |
|
N/A |
N/A |
N/A |
Product name. |
|
N/A |
N/A |
N/A |
Product version. |
|
N/A |
N/A |
N/A |
EventID. |
|
objectid |
<object> |
Number |
The ID of the object. |
|
auditrowid |
N/A |
N/A |
The row ID from the database table. |
|
details |
N/A |
N/A |
Contains a description of the action. |
|
creationtime |
N/A |
N/A |
The UTC timestamp of when the object was created. |
|
modificationtime |
N/A |
N/A |
The UTC timestamp of the last time that the object was modified. |
|
lastmodifiedby |
<login> |
Tex/String |
The name of the user who last modified the object. |
|
modifieruserid |
N/A |
N/A |
The unique ID of the user who last modified the object. If the ID is 0, this is a system-generated event. |
|
moduser |
N/A |
N/A |
Details for the user who last modified the object. |
|
modpersona |
N/A |
N/A |
Details for the persona who last modified the object. This field is null if no persona was used. |
|
type |
N/A |
N/A |
The type of action that generated the audit entry. Values include:
|
|
objectname |
<group> |
Text/String |
The name of the object that was modified. |
|
objecttypename |
N/A |
N/A |
The type of audit entry. |
|
typename |
<tag1> |
Text/String |
The type of action that initiated the audit entry, in string form. Values include:
|
|
audittype |
<vendorinfo> |
Text/String |
The type of audit entry. |