GitHub Repo

Data Source: Ivanti VTM Audit

Date: 2025-01-23

ID: b04be6e5-2002-4a49-8722-52285635b8f5

Author: Michael Haag, Splunk

Description

Logs administrative and operational activities in Ivanti Virtual Traffic Manager (VTM), including configuration changes, user actions, and system events.

Details

Property Value
Source ivanti_vtm
Sourcetype ivanti_vtm_audit

Event Fields

+ Fields 
  <span class="pill kill-chain">_time</span>
  
  <span class="pill kill-chain">IP</span>
  
  <span class="pill kill-chain">MODUSER</span>
  
  <span class="pill kill-chain">OPERATION</span>
  
  <span class="pill kill-chain">MODGROUP</span>
  
  <span class="pill kill-chain">AUTH</span>
  
  <span class="pill kill-chain">USER</span>
  
  <span class="pill kill-chain">GROUP</span>
  
</div>

Example Log

1[19/Aug/2024:19:41:22 +0000]    USER=!!ABSENT!! GROUP=!!ABSENT!!        AUTH=!!ABSENT!! IP=!!ABSENT!!   OPERATION=adduser       MODUSER=newadmin        MODGROUP=admin

Source: GitHub | Version: 2