Authentication Messages 1

Classification

Rule Name	Rule Type	Common Event	Classification
Authentication Messages	Base Rule	Authentication Activity	Authentication Success
User Logon Failed	Sub Rule	User Logon Failure	Authentication Failure
Account Locked Out	Sub Rule	Account Locked	Access Revoked
User Logout	Sub Rule	User Logoff	Authentication Success
User Logon	Sub Rule	User Logon	Authentication Success
Logon Timeout	Sub Rule	User Logoff	Authentication Success

Mapping with LogRhythm Schema  

Device Key in Log Message	LogRhythm Schema	Data Type
N/A	<vmid>	Text\String
N/A	<sip>	Ip Address
N/A	<login>	Text\String
N/A	<object>	Text\String
N/A	<subject>	Text\String
N/A	<tag2>	Text\String

×