
LEM Event Groups

Updated January 7, 2019

Overview

This article lists every LEM event group and the subfields (column headers) that each group exposes for use in filters, nDepth searches (queries), and rules. The first eleven subfields in every group (EventInfo through ExtraneousInfo) are common to all groups and are exactly the subfields of Any Alert; the remaining subfields are specific to the group. When building a filter or rule, scope it to an event group that lists every subfield the filter or rule references.

Environment

  • All supported LEM versions

Detail

Any Alert

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo

Asset Scan Result Alerts

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
RiskFactor
Description
SuggestedSolution
Port
Protocol
References
Service
Machine
ApplicationName
ApplicationVersion
SourceAccount
TargetMachineList
ScanMessage
IsThreat

Auditable Domain Events

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
SourceAccount
SourceDomain
SourceLogonID
DestinationAccount
DestinationDomain
DestinationAccountType
SourceMachine
DestinationMachine
PrivilegesExercised
DestinationDomainType
IsThreat

Auditable Events (All)

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
SourceAccount
SourceDomain
SourceLogonID
DestinationDomain
DestinationLogonID
DestinationAccountType
SourceMachine
DestinationMachine
PrivilegesExercised
IsThreat

Auditable Group Events

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
SourceAccount
SourceDomain
SourceLogonID
DestinationAccount
DestinationDomain
DestinationLogonID
DestinationAccountType
SourceMachine
DestinationMachine
PrivilegesExercised
GroupName
GroupType
IsThreat

Auditable Machine Account Events

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
SourceAccount
SourceDomain
SourceLogonID
DestinationAccount
DestinationDomain
DestinationLogonID
DestinationAccountType
SourceMachine
DestinationMachine
PrivilegesExercised
IsThreat

Auditable User Events

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
SourceAccount
SourceDomain
SourceLogonID
DestinationAccount
DestinationDomain
DestinationLogonID
DestinationAccountType
SourceMachine
DestinationMachine
PrivilegesExercised
IsThreat

Auth Audit Alerts

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
SourceAccount
SourceDomain
SourceLogonID
DestinationAccount
DestinationDomain
DestinationLogonID
DestinationAccountType
SourceMachine
DestinationMachine
PrivilegesExercised
IsThreat

Auth Suspicious Alerts

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
SourceAccount
SourceMachine
DestinationMachine
IsThreat

Change Management Events

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo

File Audit Alerts

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo

Machine Audit Alerts

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo

Network Attack Alerts

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
SourceMachine
DestinationMachine
SourcePort
DestinationPort
AlertActivityType
Protocol
Interface
SourceMACAddress
DestinationMACAddress
IsThreat

Network Audit Alerts

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
SourceMachine
DestinationMachine
SourcePort
DestinationPort
AlertActivityType
Protocol
Interface
SourceMACAddress
DestinationMACAddress
IsThreat

Network Suspicious Alerts

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
SourceMachine
DestinationMachine
SourcePort
DestinationPort
AlertActivityType
Protocol
Interface
SourceMACAddress
DestinationMACAddress
IsThreat

Policy Access Alerts

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
DestinationDomain
SourceAccount
SourceDomain
SourceLogonID
DestinationDomainID
SourceMachine
IsThreat

Process Audit Alerts

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
ProcessID
SourceAccount
SourceDomain
SourceLogonID

Process Start/Stop

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
ProcessID
SourceAccount
SourceDomain
SourceLogonID

Security Alert

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo

Service Audit Alerts

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
ServiceName
SourceAccount
SourceDomain

Service Process Attack Alerts

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo

Trigeo Alerts

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo

Virus/Scanner Events

EventInfo
InsertionIP
Manager
DetectionIP
InsertionTime
DetectionTime
Severity
ToolAlias
InferenceRule
ProviderSID
ExtraneousInfo
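The subfield lists above, encoded as a lookup table with a small validator that checks a filter or rule against the event group it targets. This is an added Python example, not SolarWinds code: LEM's real filter, nDepth and rule syntax is not described in this article, so a filter is represented here as a plain dict of subfield to value, which is an assumption made for illustration only. The group and subfield names are taken from the lists above.

```python
"""Event-group subfield schema from the LEM event-group list above.

Added example, not SolarWinds code. A "filter" here is a dict of
subfield -> value; this stands in for LEM's actual filter/rule syntax
and is an assumption made for illustration only.
"""
import difflib

# Subfields present in every event group ("Any Alert" carries exactly these).
BASE_FIELDS = (
    "EventInfo", "InsertionIP", "Manager", "DetectionIP", "InsertionTime",
    "DetectionTime", "Severity", "ToolAlias", "InferenceRule", "ProviderSID",
    "ExtraneousInfo",
)

# Subfields shared by the account-oriented Auditable/Auth groups.
ACCOUNT_FIELDS = (
    "SourceAccount", "SourceDomain", "SourceLogonID", "DestinationAccount",
    "DestinationDomain", "DestinationLogonID", "DestinationAccountType",
    "SourceMachine", "DestinationMachine", "PrivilegesExercised", "IsThreat",
)

# Subfields shared by the three Network groups.
NETWORK_FIELDS = (
    "SourceMachine", "DestinationMachine", "SourcePort", "DestinationPort",
    "AlertActivityType", "Protocol", "Interface", "SourceMACAddress",
    "DestinationMACAddress", "IsThreat",
)

PROCESS_FIELDS = ("ProcessID", "SourceAccount", "SourceDomain", "SourceLogonID")

# Event group -> subfields beyond BASE_FIELDS, as listed in the article.
EXTRA_FIELDS = {
    "Any Alert": (),
    "Asset Scan Result Alerts": (
        "RiskFactor", "Description", "SuggestedSolution", "Port", "Protocol",
        "References", "Service", "Machine", "ApplicationName",
        "ApplicationVersion", "SourceAccount", "TargetMachineList",
        "ScanMessage", "IsThreat",
    ),
    # Domain events have DestinationDomainType but no DestinationLogonID.
    "Auditable Domain Events": (
        "SourceAccount", "SourceDomain", "SourceLogonID", "DestinationAccount",
        "DestinationDomain", "DestinationAccountType", "SourceMachine",
        "DestinationMachine", "PrivilegesExercised", "DestinationDomainType",
        "IsThreat",
    ),
    # The "(All)" group does not expose DestinationAccount.
    "Auditable Events (All)": (
        "SourceAccount", "SourceDomain", "SourceLogonID", "DestinationDomain",
        "DestinationLogonID", "DestinationAccountType", "SourceMachine",
        "DestinationMachine", "PrivilegesExercised", "IsThreat",
    ),
    "Auditable Group Events": ACCOUNT_FIELDS[:-1] + ("GroupName", "GroupType", "IsThreat"),
    "Auditable Machine Account Events": ACCOUNT_FIELDS,
    "Auditable User Events": ACCOUNT_FIELDS,
    "Auth Audit Alerts": ACCOUNT_FIELDS,
    "Auth Suspicious Alerts": ("SourceAccount", "SourceMachine", "DestinationMachine", "IsThreat"),
    "Change Management Events": (),
    "File Audit Alerts": (),
    "Machine Audit Alerts": (),
    "Network Attack Alerts": NETWORK_FIELDS,
    "Network Audit Alerts": NETWORK_FIELDS,
    "Network Suspicious Alerts": NETWORK_FIELDS,
    "Policy Access Alerts": (
        "DestinationDomain", "SourceAccount", "SourceDomain", "SourceLogonID",
        "DestinationDomainID", "SourceMachine", "IsThreat",
    ),
    "Process Audit Alerts": PROCESS_FIELDS,
    "Process Start/Stop": PROCESS_FIELDS,
    "Security Alert": (),
    "Service Audit Alerts": ("ServiceName", "SourceAccount", "SourceDomain"),
    "Service Process Attack Alerts": (),
    "Trigeo Alerts": (),
    "Virus/Scanner Events": (),
}


def fields_for(group):
    """Every subfield usable in a filter, nDepth search or rule scoped to `group`."""
    return BASE_FIELDS + EXTRA_FIELDS[group]


def groups_with_field(field):
    """Event groups that expose `field`, sorted; helps pick the group a rule should target."""
    return sorted(g for g in EXTRA_FIELDS if field in fields_for(g))


def validate_filter(group, conditions):
    """Map each referenced subfield the group does not expose to a close
    valid name (or None if nothing is close). An empty dict means the
    filter only uses subfields the group actually carries."""
    valid = fields_for(group)
    problems = {}
    for field in conditions:
        if field not in valid:
            close = difflib.get_close_matches(field, valid, n=1, cutoff=0.8)
            problems[field] = close[0] if close else None
    return problems


if __name__ == "__main__":
    # Constructed filter for a privileged-group change rule, with one misspelled subfield.
    rule = {"GroupName": "Domain Admins", "DestinationMachne": "DC01", "IsThreat": True}
    print(validate_filter("Auditable Group Events", rule))  # flags DestinationMachne
    print(groups_with_field("GroupName"))                   # only Auditable Group Events
```

The validator is deliberately strict: a rule that references a subfield its target group does not list will either never match or silently ignore the condition, so catching the mismatch before the rule is deployed is cheaper than discovering it during an incident.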