Skip to main content
Skip table of contents

Audit Event Multiplexor Messages

Classification

Rule Name

Rule Type

Common Event

Classification

Audit Event Multiplexor MessagesBase RuleSystem Audit EventOther Audit
User Login Failed MessagesSub RuleUser Logon FailureAuthentication Failure
User Logon Success MessagesSub RuleUser LogonAuthentication Success
Credentials Acquired MessagesSub RuleAuthentication ActivityAuthentication Success
Credentials Acquire Failed MessagesSub RuleFailed To Acquire CredentialsError
Credentials Dispensed MessagesSub RuleAuthentication ActivityAuthentication Success
Credentials Dispense Failed MessagesSub RuleFailed To Dispense CredentialsError
Working Directory Changed MessagesSub RuleCommand ExecutedAccess Success
Working Directory Change FailedSub RuleRead Object FailureAccess Failure
Command Executed MessagesSub RuleCommand ExecutedAccess Success
Login MessagesSub RuleUser LogonAuthentication Success
Login Attempt Failed MessagesSub RuleAuthentication Failure ActivityAuthentication Failure
Object Path Opened MessagesSub RuleObject ReadAccess Success
Authentication MessagesSub RuleAuthentication ActivityAuthentication Success
Authentication Failed MessagesSub RuleAuthentication Failure ActivityAuthentication Failure
User Logout MessagesSub RuleUser LogoffAuthentication Success
Session Started For User MessagesSub RuleUser LogonAuthentication Success
Create Session Command Failed MessagesSub RuleCommand Execution FailureAccess Failure

Mapping with LogRhythm Schema  

Device Key in Log MessageLogRhythm SchemaData Type
N/A<severity>Text\String
N/A<session>Number
N/A<dname>Text\String
N/A<login>Text\String
N/A<object>Text\String
N/A<processid>Number
N/A<command>Text\String
N/A<subject>Text\String
N/A<result>Text\String
N/A<tag1>Text\String
N/A<tag2>Text\String
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close