Splunk® Supported Add-ons

Splunk Add-on for RSA SecurID

Source types for the Splunk Add-on for RSA SecurID

The Splunk Add-on for RSA SecurID provides the index-time and search-time knowledge for the runtime audit logs, admin audit logs, and system logs.

| Source type | Description | Event Type | CIM data models |
|---|---|---|---|
| rsa:securid:admin:syslog | RSA SecurID admin audit log, which records administrative actions, such as adding and editing users. This category does not include system-level failures of administrative actions, which are captured in the system log. | rsa_securid_syslog_admin_principal_events | Change - Account |
| | | rsa_securid_syslog_admin_token_events | Change - Audit |
| | | rsa_securid_syslog_admin_all_changes_events | Change |
| | | rsa_securid_syslog_admin_email_events | Email |
| | | rsa_securid_syslog_admin_alerts_events | Alerts |
| | | rsa_securid_syslog_admin_authentication_events | Authentication |
| | | rsa_securid_syslog_admin_privileged_authentication_events | Authentication - Privileged |
| rsa:securid:runtime:syslog | RSA SecurID runtime audit log, which records any runtime activity, such as authentication and authorization of users. | rsa_securid_syslog_authentication_event | Authentication |
| | | rsa_securid_syslog_runtime_change_event | Change - Audit |
| | | rsa_securid_syslog_runtime_principal_events | Change - Account |
| | | rsa_securid_syslog_runtime_all_changes_events | Change |
| rsa:securid:system:syslog | RSA SecurID system log, which records system-level messages such as "Server started" and "Connection manager lost DB connection." This category includes system-level failures of administrative actions. | rsa_securid_syslog_system_all_changes_events | Change |
| | | rsa_securid_syslog_system_principal_events | Change - Account |
| | | rsa_securid_syslog_system_email_event | Email |
| | | rsa_securid_syslog_system_alerts_event | Alerts |
| | | rsa_securid_syslog_system_endpoint_filesystem_event | Endpoint - Filesystem |

Last modified on 25 July, 2022

This documentation applies to the following versions of Splunk® Supported Add-ons: released

