Audit Event Multiplexor Messages

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Audit Event Multiplexor Messages | Base Rule | System Audit Event | Other Audit |
| User Login Failed Messages | Sub Rule | User Logon Failure | Authentication Failure |
| User Logon Success Messages | Sub Rule | User Logon | Authentication Success |
| Credentials Acquired Messages | Sub Rule | Authentication Activity | Authentication Success |
| Credentials Acquire Failed Messages | Sub Rule | Failed To Acquire Credentials | Error |
| Credentials Dispensed Messages | Sub Rule | Authentication Activity | Authentication Success |
| Credentials Dispense Failed Messages | Sub Rule | Failed To Dispense Credentials | Error |
| Working Directory Changed Messages | Sub Rule | Command Executed | Access Success |
| Working Directory Change Failed | Sub Rule | Read Object Failure | Access Failure |
| Command Executed Messages | Sub Rule | Command Executed | Access Success |
| Login Messages | Sub Rule | User Logon | Authentication Success |
| Login Attempt Failed Messages | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Object Path Opened Messages | Sub Rule | Object Read | Access Success |
| Authentication Messages | Sub Rule | Authentication Activity | Authentication Success |
| Authentication Failed Messages | Sub Rule | Authentication Failure Activity | Authentication Failure |
| User Logout Messages | Sub Rule | User Logoff | Authentication Success |
| Session Started For User Messages | Sub Rule | User Logon | Authentication Success |
| Create Session Command Failed Messages | Sub Rule | Command Execution Failure | Access Failure |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | Text\String |
| N/A | <session> | Number |
| N/A | <dname> | Text\String |
| N/A | <login> | Text\String |
| N/A | <object> | Text\String |
| N/A | <processid> | Number |
| N/A | <command> | Text\String |
| N/A | <subject> | Text\String |
| N/A | <result> | Text\String |
| N/A | <tag1> | Text\String |
| N/A | <tag2> | Text\String |