Vendor Documentation


Classification

Rule Name                           | Rule Type | Common Event    | Classification
Registry Modification Ingress Event | Base Rule | Object Modified | Activity


Sample Logs

05 18 2016 08:53:37 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1.1.160416.0935|ingress.event.regmod|cb_server=cbserver cb_version=5.1.1.160416.0935 action= computer_name=USLT1361DUMMY feed_id=13 feed_name=nvd group=LogRhythm HQ hostname=USLT1361DUMMY ioc_attr={} ioc_type=md5 ioc_value=58b8702c20de211d1fcb248d2fdd71d1 md5=58B8702C20DE211D1FCB248D2FDD71D1

Mapping with LogRhythm Schema

Device Key in Log Message | Log Value                        | LogRhythm Schema     | Data Type
vmid                      | ingress.event.regmod             | <vmid>               | Text/String
action                    | N/A                              | <action>, <command>  | Text/String
computer_name             | USLT1361DUMMY                    | <dname>              | Text/String
md5                       | 58B8702C20DE211D1FCB248D2FDD71D1 | <objectname>, <hash> | Text/String
path                      | N/A                              | <object>             | Text/String
pid                       | N/A                              | <processid>          | Number
process_path              | N/A                              | <process>            | Text/String

Log Value is the value each key carries in the sample log above. N/A marks keys that are either absent from the sample (path, pid, process_path) or present with an empty value (action=). The vmid row is populated from the LEEF EventID header field (the fifth pipe-delimited field, ingress.event.regmod), not from a key=value attribute. Attributes the sample carries but the table does not list (feed_id, feed_name, group, ioc_type, ioc_value) are not mapped to schema fields by this rule.
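The following is an added example, not LogRhythm's or Carbon Black's own parsing code: it splits a syslog-wrapped LEEF 1.0 line into header fields and attributes and applies the mapping table above to produce the LogRhythm schema fields. Two details of the sample line matter for anyone writing their own parser or detection logic against this feed: attribute values may contain spaces (group=LogRhythm HQ), so splitting on whitespace is wrong, and a key may be present with an empty value (action=), which the table treats as N/A. The FIELD_MAP dictionary and the CONSTRUCTED_LOG line (which fills in the keys the sample leaves empty, with made-up values) are this example's own; only SAMPLE_LOG comes from the page.

```python
import re
from typing import Dict, Optional

# Device key -> LogRhythm schema field(s), taken from the mapping table above.
# <vmid> is not a key=value attribute: it is the LEEF EventID header field
# ("ingress.event.regmod" in the sample), so it is handled separately below.
FIELD_MAP = {
    "action": ("action", "command"),
    "computer_name": ("dname",),
    "md5": ("objectname", "hash"),
    "path": ("object",),
    "pid": ("processid",),
    "process_path": ("process",),
}
NUMERIC_FIELDS = {"processid"}  # the table types <processid> as Number

# LEEF attributes are space-separated key=value pairs, but a value may itself
# contain spaces ("group=LogRhythm HQ"), so only break where the next token
# looks like a key. An empty value ("action=") is captured as "".
_ATTR_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")

# The sample line from the page.
SAMPLE_LOG = ("05 18 2016 08:53:37 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1.1.160416.0935|"
              "ingress.event.regmod|cb_server=cbserver cb_version=5.1.1.160416.0935 action= "
              "computer_name=USLT1361DUMMY feed_id=13 feed_name=nvd group=LogRhythm HQ "
              "hostname=USLT1361DUMMY ioc_attr={} ioc_type=md5 "
              "ioc_value=58b8702c20de211d1fcb248d2fdd71d1 md5=58B8702C20DE211D1FCB248D2FDD71D1")

# Constructed line (not from the page, values are invented) that populates the
# N/A keys so the path/pid/process_path rows and the Number conversion run.
CONSTRUCTED_LOG = ("05 18 2016 08:53:38 1.1.1.1 <USER:NOTE> LEEF:1.0|CB|CB|5.1.1.160416.0935|"
                   "ingress.event.regmod|cb_server=cbserver action=write computer_name=USLT1361DUMMY "
                   "path=\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater "
                   "pid=1234 process_path=c:\\windows\\system32\\reg.exe "
                   "md5=58B8702C20DE211D1FCB248D2FDD71D1")


def parse_leef(line: str) -> Optional[dict]:
    """Split a syslog-wrapped LEEF 1.0 line into header fields and attributes.

    Returns None for anything that is not LEEF 1.0 (five pipe-delimited header
    fields followed by the attribute block); LEEF 2.0 adds a delimiter field
    and is deliberately not handled here.
    """
    start = line.find("LEEF:")
    if start < 0:
        return None
    header = line[start:].split("|", 5)
    if len(header) != 6 or header[0] != "LEEF:1.0":
        return None
    _, vendor, product, version, event_id, attrs = header
    attributes = {m.group(1): m.group(2).strip() for m in _ATTR_RE.finditer(attrs)}
    return {"vendor": vendor, "product": product, "version": version,
            "event_id": event_id, "attributes": attributes}


def map_to_logrhythm(line: str) -> Dict[str, object]:
    """Apply the mapping table: device keys -> LogRhythm schema fields.

    Keys that are absent or empty in the line (the N/A rows) produce no schema
    field, so downstream logic must not assume <processid> or <object> exist.
    """
    parsed = parse_leef(line)
    if parsed is None:
        return {}
    out: Dict[str, object] = {"vmid": parsed["event_id"]}
    for key, schema_fields in FIELD_MAP.items():
        value = parsed["attributes"].get(key, "")
        if value == "":
            continue  # N/A: key missing, or present with an empty value
        for field in schema_fields:
            if field in NUMERIC_FIELDS:
                try:
                    out[field] = int(value)
                except ValueError:
                    continue  # non-numeric pid: leave the Number field unset
            else:
                out[field] = value
    return out


if __name__ == "__main__":
    for name, line in (("sample", SAMPLE_LOG), ("constructed", CONSTRUCTED_LOG)):
        print(name, map_to_logrhythm(line))
```

Run against the page's sample, the result carries only vmid, dname, objectname and hash; action, object, processid and process stay unset, which is exactly what the N/A rows predict. The lookahead in _ATTR_RE is what keeps "LogRhythm HQ" intact as a single group value.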