Mappings: Linux OS Syslog - Process userdel - Delete User and Remove Group

Input Requirements

Input	Value
Vendor	Linux
Product	Syslog
Log Format	JSON
Event ID Regex Pattern	`userdel-remove-group`

Record Output

Output	Value
Vendor	Linux
Product	Linux OS Syslog
Record Type	AuditChange

Fields Mapped

Cloud SIEM Schema Field	Original Record Key	Notes
baseImage	syslog_process
changeTarget	user
device_hostname	syslog_hostname
pid	syslog_process_id
resource	group
targetUser_username	user
user_username	user