Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

VMware

 

The JSA VMware content extension adds new custom event properties for VMware.

The following table shows the custom properties in the JSA VMware V1.0.0 content extension.

Table 1: Custom Properties in VMware V1.0.0 Content Extension

Name

Optimized

Capture Group

Regex

Filename

Yes

1

\](?:[^\/]*?\/)*?([^\/\']*?)' was

msg=Deletion of file or directory\s.*(?:\\|\/)(.*?)\sfrom

fileName=([^\t]+)[\t]*

Machine ID

Yes

1

Warning message on\s(.*?)\son

msg=.*?\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s

msg=Message on\s(.*?)\son

msg=(.*?)\son

Permission created for\s\w+\son\s([^,]+)

Permission rule removed for\s\w+\son\s(.*)$

msg=Reconfigured\s(.*?)\son

machine\s(.*?)\son

Permission created for .*? on (.*?),

msg=Removed\s(.*?)\son

Role Name

Yes

1

role is\s([^,]+)

from.*to '(.*?)'

Target User Name

Yes

1

msg=Account\s+(.*?)\s+was

Permission rule removed for\s(\w+)

Permission created for\s(\w+)

Permission created for (.*?) on

TaskName

No

1

Task\sCreated\s:.*?(\w+\.\w+)-\d+

Task\sCompleted\s:.*?(\w+\.\w+)-\d+

User Agent

No

1

user agent:\s(.*)$

logged in as\s(.*)$

initiated\sfrom\s\'(.*?)@