Audit Messages

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Audit Messages | Base Rule | General Audit Message | Other Audit |
| General BigPipe Command Audit Message | Sub Rule | General BigPipe Command Audit Message | Other Audit |
| General HTTPD Audit Message | Sub Rule | General HTTPD Audit Message | Other Audit |
| General SSHD Audit Message | Sub Rule | General SSHD Audit Message | Other Audit |
| BigPipe Command : All Show | Sub Rule | Command Executed | Access Success |
| General MCPD Audit Message | Sub Rule | General MCPD Audit Message | Information |
| Audit : User Failed To Logon | Sub Rule | User Logon Failure | Authentication Failure |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vendorinfo> | Text/String |
| N/A | <severity> | Text/String |
| N/A | <sip> | IP Address |
| N/A | <login> | Text/String |
| N/A | <session> | Number |
| N/A | <processid> | Number |
| N/A | <process> | Text/String |
| N/A | <object> | Number |
| N/A | <group> | Text/String |
| N/A | <command> | Text/String |
| N/A | <quantity> | Number |
| N/A | <tag1> | Text/String |
| N/A | <tag4> | Text/String |
| N/A | <parentprocessname> | Text/String |
| N/A | <subject> | Text/String |