Skip to main content
Skip table of contents

V 2.0 : User Mgmt Events

Vendor Documentation

Classification

Rule NameRule TypeCommon EventClassification
V 2.0 : User Mgmt EventsBase RuleGeneral AuditOther Audit Success
V 2.0 : User Account Locked OutSub RuleAccount LockedAccess Revoked
V 2.0 : Role Assigned To User AccountSub RuleAccount Added To GroupAccess Granted
V 2.0 : Role Removed From User AccountSub RuleAccount Removed From GroupAccess Revoked
V 2.0 : User Account CreatedSub RuleUser Account CreatedAccount Created
V 2.0 : User Account DeletedSub RuleUser Account DeletedAccount Deleted
V 2.0 : User Account Creation FailedSub RuleGeneral ErrorError
V 2.0 : User Account UpdatedSub RuleUser Account Attribute ModifiedAccount Modified

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
N/AN/AN/AVendor or manufacturer name.
N/AN/AN/AProduct name.
N/AN/AN/AProduct version.
N/AN/AN/AEventID.
objectid<object>NumberThe ID of the object.
auditrowidN/AN/AThe row ID from the database table.
details<action>
<group>
<tag1>
Text/String
Number
Text/String
Contains a description of the action.
creationtimeN/AN/AThe UTC timestamp of when the object was created.
modificationtimeN/AN/AThe UTC timestamp of the last time that the object was modified.
lastmodifiedbyN/AN/AThe name of the user who last modified the object.
modifieruseridN/AN/AThe unique ID of the user who last modified the object. If the ID is 0, this is a system-generated event.
moduser<login>
<domainorigin>
Text/String
Text/String
Details for the user who last modified the object.
modpersonaN/AN/ADetails for the persona who last modified the object. This field is null if no persona was used.
typeN/AN/AThe type of action that generated the audit entry. Values include:
0 - Create
1 - Update
2 - Delete
objectname<account>Text/StringThe name of the object that was modified. 
objecttypenameN/AN/AThe type of audit entry.
typename<tag2>Text/StringThe type of action that initiated the audit entry, in string form. Values include:
  • CreateObject
  • DeleteObject
  • FailedCreateObject
  • UpdateObject
audittype<vendorinfo>Text/StringThe type of audit entry.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.