Catch All : Level 3 2

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Catch All : Level 3 | Base Rule | General Operations | Other Operations |
| Return Status Success | Sub Rule | Return Status Success | Other Audit Success |
| Session Closed For User | Sub Rule | Session Closed For User | Other Audit Success |
| Return Status Ignore | Sub Rule | Return Status Ignore | Information |
| Error On Subcontainer | Sub Rule | Error On Subcontainer | Error |
| Connection Closed | Sub Rule | Connection Closed | Network Traffic |
| Crond Executed Command | Sub Rule | Command Executed | Access Success |
| Change Directory Failure | Sub Rule | Access Object Failure | Access Failure |
| Change Directory Failure : No Such File Or Dir | Sub Rule | Access Object Failure | Access Failure |
| Command Line Interface Logout | Sub Rule | User Logoff | Authentication Success |
| Command Line Interface Login | Sub Rule | User Logon | Authentication Success |
| Crond Executed Command As Root | Sub Rule | Crond Executed Command As Root | Information |
| User Session | Sub Rule | Session Started For User | Other Audit Success |
| Access Policy | Sub Rule | General Policy | Other Audit |
| Session Information | Sub Rule | Session Information | Information |
| No User Found | Sub Rule | SQL Transaction | Other Audit |
| Disk Alert | Sub Rule | General Disk Error | Error |
| RADIUS Auth Successful | Sub Rule | Authentication Activity | Authentication Success |
| Authentication Failed | Sub Rule | User Logon Failure | Authentication Failure |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vmid> | Number |
| N/A | <severity> | Text/String |
| N/A | <sip> | IP Address |
| N/A | <sport> | Number |
| N/A | <login> | Text/String |
| N/A | <account> | Text/String |
| N/A | <domainorigin> | Text/String |
| N/A | <processid> | Number |
| N/A | <process> | Text/String |
| N/A | <object> | Text/String |
| N/A | <subject> | Text/String |
| N/A | <url> | Text/String |
| N/A | <amount> | Number |
| N/A | <result> | Text/String |
| N/A | <tag2> | Text/String |
| N/A | <tag3> | Text/String |
| N/A | <tag4> | Text/String |
| N/A | <tag5> | Text/String |