Skip to main content
Skip table of contents

Vendor Info [7.2]

Description of specific vendor log or event identifier for the log. Human readable elaboration that directly correlates to the VMID.

This field is not available in LogRhythm versions earlier than 7.2.1.

Data Type




Client Console Full Name

Not applicable

Client Console Short Name

Not applicable

Web Console Tab/Name

Vendor Info

Elasticsearch Field Name


Rule Builder Column Name


Regex Pattern


NetMon Name

Not applicable

Field Relationships

  • VMID
  • Subject

Common Applications

Any device that generates predetermined message types or categories that are differentiated by a brief description or identification number.

Use Case

Understanding VMID for correlating events without depending on the rule name, common event/classification.

MPE/Data Masking Manipulations

Not applicable.

Usage Standards

  • To be used when VMID is present.
  • To be used rarely when VMID is not present.
    • Capturing long event descriptions such as a sentence.
  • Not for subrules.


  • Windows Event Log Security

<Event xmlns='http://Host2/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Security-Auditing' Guid='{2222222-5478-4994-a5ba-3e3b0328c30d}'/><EventID>4663</EventID><Version>0</Version><Level>Information</Level><Task>Kernel Object</Task><Opcode>Info</Opcode><Keywords>Audit Success</Keywords><TimeCreated SystemTime='2009-07-07T23:24:49.212Z'/><EventRecordID>451107</EventRecordID><Correlation/><Execution ProcessID='4' ThreadID='88'/><Channel>Security</Channel><Computer> USABLDRRECFLOW01</Computer><Security/></System><EventData>An attempt was made to access an object.


   Security ID:        USABLDRRECFLOW01\Administrator

   Account Name:       Administrator

   Account Domain:            USABLDRRECFLOW01

   Logon ID:           0x2a9fe


   Object Server:      Security

   Object Type: SymbolicLink

   Object Name: \GLOBAL??\C:

   Handle ID:   0x3c0

Process Information:

   Process ID:  0x8d0

   Process Name: C:\Windows\Host10

Access Request Information:

   Accesses:    Use symbolic link               

   Access Mask: 0x1</EventData></Event>

Describes in human readable form what the event ID (VMID) translates to.

  • CyberArk Privileged Threat Analytics

CEF:0|CyberArk|PTA|3.1|21|Suspected credentials theft|9| dst= USABLDRRECFLOW01cs2Label=eventID cs2=5b720c983420f5222222d deviceCustomDate1Label=detectionDate deviceCustomDate1=1422836202000 cs3Label=link cs3=

Suspected Credentials Theft describes VMID 21.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.