Audit Messages
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Audit Messages | Base Rule | General Audit Message | Other Audit |
| General BigPipe Command Audit Message | Sub Rule | General BigPipe Command Audit Message | Other Audit |
| General HTTPD Audit Message | Sub Rule | General HTTPD Audit Message | Other Audit |
| General SSHD Audit Message | Sub Rule | General SSHD Audit Message | Other Audit |
| BigPipe Command : All Show | Sub Rule | Command Executed | Access Success |
| General MCPD Audit Message | Sub Rule | General MCPD Audit Message | Information |
| Audit : User Failed To Logon | Sub Rule | User Logon Failure | Authentication Failure |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vendorinfo> | Text/String |
| N/A | <severity> | Text/String |
| N/A | <sip> | IP Address |
| N/A | <login> | Text/String |
| N/A | <session> | Number |
| N/A | <processid> | Number |
| N/A | <process> | Text/String |
| N/A | <object> | Number |
| N/A | <group> | Text/String |
| N/A | <command> | Text/String |
| N/A | <quantity> | Number |
| N/A | <tag1> | Text/String |
| N/A | <tag4> | Text/String |
| N/A | <parentprocessname> | Text/String |
| N/A | <subject> | Text/String |