Mappings: Digital Guardian ARC - User Login|Logoff
| Input | Value |
|---|---|
| Vendor | Digital Guardian |
| Product | ARC |
| Log Format | JSON |
| Event ID Regex Pattern | (User Logon|User Logoff) |
| Output | Value |
|---|---|
| Vendor | Digital Guardian |
| Product | ARC |
| Record Type | Authentication |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| action | dg_display | |
| baseImage | dg_proc_file_name | |
| commandLine | pi_cmdln | |
| device_hostname | dg_machine_name | |
| device_mac | dg_mac_address | |
| device_type | dg_machine_type | |
| device_uniqueId | dg_mid | |
| file_hash_md5 | dg_md5 | |
| file_hash_sha1 | dg_sha1 | |
| file_hash_sha256 | dg_sha256 | |
| normalizedAction | dg_display | This is a lookup field. More info to come in the catalog later... |
| parentBaseImage | dg_parent_name | |
| pid | dg_pid | |
| user_username | dg_user |