V 2.0 : WEB_API
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : WEB_API | Base Rule | General Information | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Product | <vmid> | Text/String | Product name |
| Originip | N/A | N/A | IP of the log origin |
| Origin | N/A | N/A | N/A |
| operation | <action> | Text/String | N/A |
| Subject | <vendorinfo> | Text/String | N/A |
| status | <status> | Text/String | N/A |
| administrator | <login> | Text/String | User who performed the operation |
| client | <sip> <sname> | IP Address Text/String | N/A |
| performedon | <object> | Text/String | N/A |
| objecttable | N/A | N/A | N/A |
| objecttype | <objecttype> | Text/String | N/A |
| generalinformation | <subject> | Text/String | N/A |
| time | N/A | N/A | N/A |
| Action | N/A | N/A | N/A |
| ifdirection | N/A | N/A | N/A |
| ifname | N/A | N/A | N/A |
| session_id | N/A | N/A | N/A |
| alert | N/A | N/A | N/A |
| client_ip_host | N/A | N/A | IP address of the client machine the change was performed from |
| flags | N/A | N/A | N/A |
| loguid | N/A | N/A | UUID of unified logs |
| originsicname | N/A | N/A | N/A |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
| version | N/A | N/A | N/A |
| admin_level | N/A | N/A | N/A |
| cma_name | N/A | N/A | N/A |
| customer_name | N/A | N/A | N/A |
| fieldschanges | N/A | N/A | Specific changes done on the affected object |
| mds_name | N/A | N/A | N/A |
| operation_number | N/A | N/A | Operation number done by the administrator, with each operation represented by a number |
| uid | N/A | N/A | N/A |