CROND Operations 1
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| CROND Operations | Base Rule | CROND Information Message | Information |
| Crond : Cannot Set Security Context | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Crond : Failed To Open PAM Security Session | Sub Rule | Failed To Create Session | Error |
| Crond : Password Expired | Sub Rule | LOGIN_PASSWORD_EXPIRED | Information |
| Crond : Failed To Authorize User | Sub Rule | PAM Authentication Error | Error |
| Crond : Command Executed | Sub Rule | Cron Command Information | Information |
| Crond : Command Executed As Root | Sub Rule | Crond Executed Command As Root | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | Text/String |
| N/A | <dname> | Number/Text |
| N/A | <process> | Text/String |
| N/A | <processid> | Number |
| N/A | <tag1> | Text/String |
| N/A | <subject> | Text/String |
| N/A | <tag2> | Text/String |
| N/A | <login> | Text/String |
| N/A | <command> | Number/Text |