Mappings: Administrator Audit Trail
Input | Value |
---|---|
Vendor | Druva |
Product | Druva inSync Cloud |
Log Format | JSON |
Event ID Regex Pattern | Admin Audit Trail |
Output | Value |
---|---|
Vendor | Druva |
Product | Druva inSync Cloud |
Record Type | AuditChange |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
normalizedAction | None | The static text logon is populated in this schema field. |
severity | severity | |
srcDevice_ip | ip | |
success | eventState | This is a lookup field. More info to come in the catalog later... |
user_username | initiator |