Classification

Rule Name:      Catch All : Service Optimization
Rule Type:      Base Rule
Common Event:   Service Found
Classification: Activity

Sample Logs

<Event xmlns='http://Host2/win/2004/08/events/event'><System><Provider Name='Service Optimization'/><EventID Qualifiers='49154'>129</EventID><Level>Information</Level><Task>Integration Manager</Task><Keywords>Classic</Keywords><TimeCreated SystemTime='2020-11-09T03:31:10.791291900Z'/><EventRecordID>2204002</EventRecordID><Channel>Application</Channel><Computer>_destinationhostname</Computer><Security/></System><EventData><Data>Service Optimization event information W6IMLoader::raw_Initialize(51): Integration Manager - Launched 1 Outbox Agents

User name: NETWORK SERVICE</Data></EventData></Event>

Mapping with LogRhythm Schema

Device Key in Log Message   Log Value             LogRhythm Schema   Data Type
Provider Name               Service Optimization  <vendorinfo>       Text/String
EventID Qualifiers          129                   <vmid>             Number
Level                       Information           <severity>         Text/String
Execution Processid         Service Optimization  <process>          Text/String
N/A                         N/A                   <processid>        Text/String
Computer                    _destinationhostname  <dname>            Text/String
N/A                         N/A                   <session>          Number/Text/String
N/A                         N/A                   <login>            Text/String
N/A                         N/A                   <domainorigin>     Text/String
N/A                         N/A                   <status>           Text/String
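The mapping above, applied to the sample event as an added Python example (not LogRhythm's own parser): it reads the namespace-qualified Windows event XML and fills the schema fields the table maps, leaving the N/A fields empty. The namespace URI is the one printed in the sample log, and the event text is a constructed copy of that sample.

```python
import xml.etree.ElementTree as ET

# Namespace declared on the page's sample event (the sample's URI, kept as-is).
NS = "http://Host2/win/2004/08/events/event"
_NSMAP = {"e": NS}

# Constructed copy of the page's sample log.
SAMPLE_EVENT = (
    f"<Event xmlns='{NS}'><System><Provider Name='Service Optimization'/>"
    "<EventID Qualifiers='49154'>129</EventID><Level>Information</Level>"
    "<Task>Integration Manager</Task><Keywords>Classic</Keywords>"
    "<TimeCreated SystemTime='2020-11-09T03:31:10.791291900Z'/>"
    "<EventRecordID>2204002</EventRecordID><Channel>Application</Channel>"
    "<Computer>_destinationhostname</Computer><Security/></System>"
    "<EventData><Data>Service Optimization event information "
    "W6IMLoader::raw_Initialize(51): Integration Manager - Launched 1 Outbox Agents\n\n"
    "User name: NETWORK SERVICE</Data></EventData></Event>"
)


def _text(root, path):
    """Text of the first element at a namespace-qualified path, or None if absent."""
    el = root.find(path, _NSMAP)
    return el.text if el is not None else None


def map_event(xml_text):
    """Map one Service Optimization event onto the LogRhythm schema fields in the table."""
    root = ET.fromstring(xml_text)
    provider = root.find("e:System/e:Provider", _NSMAP)
    vendorinfo = provider.get("Name") if provider is not None else None
    event_id = _text(root, "e:System/e:EventID")
    return {
        "vendorinfo": vendorinfo,
        # The table takes the EventID value (129), not the Qualifiers attribute.
        "vmid": int(event_id) if event_id and event_id.isdigit() else None,
        "severity": _text(root, "e:System/e:Level"),
        # The table lists the provider name as the <process> value; the sample
        # carries no <Execution> element to read a process id from.
        "process": vendorinfo,
        "processid": None,
        "dname": _text(root, "e:System/e:Computer"),
        "session": None,
        "login": None,
        "domainorigin": None,
        "status": None,
    }


def matches_rule(fields):
    """True when the mapped fields fall under the 'Catch All : Service Optimization' rule."""
    return fields["vendorinfo"] == "Service Optimization"
```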