General Authentication
Classification
Rule Name | Rule type | common event | Classification |
|---|---|---|---|
| General Authentication | Base Rule | Authentication Activity | Authentication Success |
| Authentication | Sub Rule | User Logon | Authentication Success |
| Failed Authentication | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Authentication | Sub Rule | User Logon | Authentication Success |
| Failed Authentication - Bad Password | Sub Rule | User Logon Failure : Bad Password | Authentication Failure |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <severity> | String |
| N/A | <process> | String |
| N/A | <tag1> | String |
| N/A | <login> | String |
| N/A | <tag2> | String |
| N/A | <sip> | Number |
| N/A | <sname> | String |