Mappings: Linux OS Systemd Journal - User Command Events
| Input | Value |
|---|---|
| Vendor | Linux |
| Product | Systemd Journal |
| Log Format | JSON |
| Event ID Regex Pattern | USER_CMD |
| Output | Value |
|---|---|
| Vendor | Linux |
| Product | Systemd Journal |
| Record Type | EndpointProcess |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| commandLine | cmd | |
| device_hostname | hostname | |
| pid | pid | |
| success | res | This is a lookup field. More info to come in the catalog later... |
| user_username | auid |