...

The Snare Central query language can use these fields and values to hunt for security-relevant events. See Log Types for the fields available for each log type.

The following log types and their fields are not yet documented in the Log Types area of the Snare Central user guide. Basic details are listed below:

...

Log Type / Table

...

Fields

...

Tru64Audit

...

  • DATE

  • TIME

  • SYSTEM

  • TABLE

  • EVENTID

  • USERID

  • AUID

  • RUID

  • EUID

  • PID

  • PPID

  • RETURNCODE

  • STRINGS

  • TARGET

...

VMSLog

...

  • DATE

  • TIME

  • SYSTEM

  • TABLE

  • EVENTID

  • EVENTTYPE

  • USERNAME

  • SYSTEMID

  • PID

  • TERMINALNAME

  • PROCESSNAME

  • PROCESSOWNER

  • REMOTEUSERNAME

  • REMOTENODENAME

  • IMAGENAME

  • COMMANDLINE

  • OBJECTCLASSNAME

  • AUDITINGFLAGS

  • ALARMFLAGS

  • STATUS

  • DATA

...

VWActionsLog

...

  • DATE

  • TIME

  • SYSTEM

  • TABLE

  • SEQUENCE

  • CLIENTID

  • METHODCODE

  • OFFICERCODE

  • FOLDERCODE

  • CLIENTTYPE

...

WebLog

...

  • DATE

  • TIME

  • SYSTEM

  • TABLE

  • HOSTNAME

  • USERNAME

  • URL

  • RETURNCODE

  • BYTES

  • REFERRER

  • AGENT

  • PROTOCOL

  • LOGTYPE

  • CATEGORY

  • STRINGS

...

WinDHCP

...

  • DATE

  • TIME

  • SYSTEM

  • TABLE

  • EVENTID

  • DESCRIPTION

  • IPADDRESS

  • HOSTNAME

  • MACADDRESS
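The field lists above are the schema a hunt is written against. The following is an added example (not from the Snare Central user guide and not the Snare Central query language): plain Python that parses constructed, tab-separated records into the Tru64Audit, WebLog and WinDHCP field layouts listed on this page and runs three simple hunts over them. The sample records, the `make`/`parse_record` helpers and the hunt thresholds are assumptions made for this example; the field names are the ones listed above.

```python
"""Added example: hunting over the Tru64Audit, WebLog and WinDHCP field layouts.

Field names are copied from the lists on this page. The record format
(tab-separated, one record per line, columns in schema order), the sample
records and the hunt logic are constructed for this example and are not
Snare Central output or query syntax.
"""
from collections import Counter, defaultdict

# Field layouts taken from the lists above, keyed by TABLE name.
SCHEMAS = {
    "Tru64Audit": ["DATE", "TIME", "SYSTEM", "TABLE", "EVENTID", "USERID", "AUID",
                   "RUID", "EUID", "PID", "PPID", "RETURNCODE", "STRINGS", "TARGET"],
    "WebLog": ["DATE", "TIME", "SYSTEM", "TABLE", "HOSTNAME", "USERNAME", "URL",
               "RETURNCODE", "BYTES", "REFERRER", "AGENT", "PROTOCOL", "LOGTYPE",
               "CATEGORY", "STRINGS"],
    "WinDHCP": ["DATE", "TIME", "SYSTEM", "TABLE", "EVENTID", "DESCRIPTION",
                "IPADDRESS", "HOSTNAME", "MACADDRESS"],
}


def make(table, **values):
    """Build a constructed tab-separated record in schema order (test data only)."""
    return "\t".join(values.get(field, "") for field in SCHEMAS[table])


def parse_record(table, line):
    """Map a tab-separated line onto the table's field list.

    A column-count mismatch is rejected outright so a malformed line cannot
    silently shift values into the wrong field (e.g. an IP ending up in HOSTNAME).
    """
    fields = SCHEMAS[table]
    cols = line.split("\t")
    if len(cols) != len(fields):
        raise ValueError(f"{table}: expected {len(fields)} columns, got {len(cols)}")
    rec = dict(zip(fields, cols))
    if rec["TABLE"] != table:
        raise ValueError(f"TABLE field is {rec['TABLE']!r}, expected {table!r}")
    return rec


def hunt_web_auth_failures(lines, threshold=3):
    """WebLog: HOSTNAMEs with at least `threshold` 401/403 responses (auth brute force)."""
    counts = Counter()
    for line in lines:
        rec = parse_record("WebLog", line)
        if rec["RETURNCODE"] in ("401", "403"):
            counts[rec["HOSTNAME"]] += 1
    return {host: n for host, n in counts.items() if n >= threshold}


def hunt_dhcp_mac_churn(lines):
    """WinDHCP: MACADDRESSes leased more than one distinct IPADDRESS (lease churn)."""
    ips = defaultdict(set)
    for line in lines:
        rec = parse_record("WinDHCP", line)
        if rec["MACADDRESS"] and rec["IPADDRESS"]:
            ips[rec["MACADDRESS"]].add(rec["IPADDRESS"])
    return {mac: sorted(addrs) for mac, addrs in ips.items() if len(addrs) > 1}


def hunt_tru64_effective_root(lines):
    """Tru64Audit: successful events running with EUID 0 under a non-root AUID."""
    hits = []
    for line in lines:
        rec = parse_record("Tru64Audit", line)
        if rec["EUID"] == "0" and rec["AUID"] not in ("", "0") and rec["RETURNCODE"] == "0":
            hits.append((rec["AUID"], rec["PID"], rec["TARGET"]))
    return hits


# Constructed sample records (not real Snare data).
SAMPLE_WEB = [
    make("WebLog", DATE="2024-01-05", TIME="10:00:01", SYSTEM="www1", TABLE="WebLog",
         HOSTNAME="198.51.100.7", USERNAME="-", URL="/login", RETURNCODE=code,
         BYTES="512", REFERRER="-", AGENT="curl/8.0", PROTOCOL="HTTP/1.1", LOGTYPE="apache")
    for code in ("401", "401", "403", "401")
] + [
    make("WebLog", DATE="2024-01-05", TIME="10:00:05", SYSTEM="www1", TABLE="WebLog",
         HOSTNAME="203.0.113.9", USERNAME="alice", URL="/home", RETURNCODE="200",
         BYTES="2048", REFERRER="-", AGENT="Mozilla/5.0", PROTOCOL="HTTP/1.1", LOGTYPE="apache"),
]
SAMPLE_DHCP = [
    make("WinDHCP", DATE="2024-01-05", TIME=f"10:0{i}:00", SYSTEM="dhcp1", TABLE="WinDHCP",
         EVENTID="10", DESCRIPTION="Assign", IPADDRESS=ip, HOSTNAME="ws-17", MACADDRESS=mac)
    for i, (ip, mac) in enumerate([("10.0.0.20", "00-11-22-33-44-55"),
                                   ("10.0.0.21", "00-11-22-33-44-55"),
                                   ("10.0.0.22", "00-11-22-33-44-55"),
                                   ("10.0.0.30", "66-77-88-99-AA-BB")])
]
SAMPLE_AUDIT = [
    make("Tru64Audit", DATE="2024-01-05", TIME="10:02:00", SYSTEM="tru64a", TABLE="Tru64Audit",
         EVENTID="exec", USERID="1001", AUID="1001", RUID="1001", EUID="0", PID="4242",
         PPID="4100", RETURNCODE="0", TARGET="/usr/bin/passwd"),
    make("Tru64Audit", DATE="2024-01-05", TIME="10:02:01", SYSTEM="tru64a", TABLE="Tru64Audit",
         EVENTID="exec", USERID="0", AUID="0", RUID="0", EUID="0", PID="4243",
         PPID="1", RETURNCODE="0", TARGET="/usr/sbin/cron"),
    make("Tru64Audit", DATE="2024-01-05", TIME="10:02:02", SYSTEM="tru64a", TABLE="Tru64Audit",
         EVENTID="exec", USERID="1002", AUID="1002", RUID="1002", EUID="1002", PID="4244",
         PPID="4100", RETURNCODE="0", TARGET="/usr/bin/ls"),
]

if __name__ == "__main__":
    print("web auth failures:", hunt_web_auth_failures(SAMPLE_WEB))
    print("dhcp mac churn:   ", hunt_dhcp_mac_churn(SAMPLE_DHCP))
    print("tru64 euid 0:     ", hunt_tru64_effective_root(SAMPLE_AUDIT))
```

The point of `parse_record` rejecting a column-count mismatch is that field-positional log formats fail silently otherwise: a record with one missing column shifts every later value one field to the left, and a hunt keyed on `HOSTNAME` or `MACADDRESS` then matches the wrong data. Whatever tool runs the real query, check the schema of each table against the field list above before trusting a hunt result.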