Mappings: Laurel Linux Audit - Catch All
Input | Value |
---|---|
Vendor | Laurel |
Product | Laurel Linux Audit |
Log Format | JSON |
Event ID Regex Pattern | _default_ |
Output | Value |
---|---|
Vendor | Laurel |
Product | Laurel Linux Audit |
Record Type | Audit |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
action | op | |
baseImage | exe | |
description | log_type | This is a lookup field. More info to come in the catalog later... |
device_hostname | NODE | |
srcDevice_ip | addr | |
success | res | This is a lookup field. More info to come in the catalog later... |
timestamp | timestamp | We expect the orginal record value of timestamp is in the format epoch |
user_username | acct |