Additional Syslog Datasource Information
All out-of-the-box Syslog tasks and supported datasources declare the following fields:
- Facility
- Severity
- EventTime
- Host
- DeviceVendor
- DeviceProduct
- DeviceVersion
- Name
The remaining fields vary by report.
Report | Fields |
---|---|
Application Control Justification Events | PolicyName, ComputerName, UserName, UserReason, FileName, FilePath, EventReceivedByServer |
Application Control Policy Feedback | PolicyName, ComputerName, UserName, FileName, FilePath, EventReceivedByServer, Rating |
Recently Discovered Applications Query | FileName, FileHashSha1, FIleHashSha256, FileFirstSeenByServer, Rating |
Local Security Password Disclosure Events | Requesting User, RemoteIpAddress, ManagedUserName, ComputerDomain, ComputerName |
Application Control Policy Feedback Restricted to Security Level | PolicyName, ComputerName, UserName, FileName, FilePath, EventReceivedByServer, Rating |
Application Approval Requests Events | ApprovalTypeId, ApprovalProcessId, RequestorId, ResourceId, CreationTime, LastUpdateTime, ExpiryTime, PolicyId, UserReason, FilePath, SHA256_Hash, ApprovalStatus, ApprovalRequestId, ApproverId, ActionTime, Comment, ApprovedDuration, EventTime, UserId, UserName, UserSid, AgentId, ConsumedByProcessPath, ConsumedByProcessId |
Change History | CorrelationId, ItemId, Name, UserId, UserName, Change Details |