Mappings: Auditd
Input | Value |
---|---|
Vendor | Linux |
Product | Auditd |
Log Format | JSON |
Event ID Regex Pattern | _default_ |
Output | Value |
---|---|
Vendor | Linux |
Product | Auditd |
Record Type | Endpoint |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
description | msg | |
device_hostname | node | |
device_ip | addr | |
file_path | exe | |
user_username | acct |