General Failed Authentication Messages
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| General Failed Authentication Messages | Base Rule | User Logon Failure | Authentication Failure |
| Did Not Receive Identification String | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Received Disconnect | Sub Rule | Session Ended | Other Audit Success |
| Failed Login Attempt | Sub Rule | User Logon Failure | Authentication Failure |
| Login Timed Out | Sub Rule | Session Timeout | Warning |
| Authentication Failure For Root | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Authentication Failure For Root | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Authentication Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <dname> | Text/String |
| N/A | <process> | Text/String |
| N/A | <processid> | Number |
| N/A | <dinterface> | Number |
| N/A | <tag1> | Text/String |
| N/A | <login> | Text/String |
| N/A | <sip> | Number |
| N/A | <sname> | Text/String |
| N/A | <sport> | Number |
| N/A | <seconds> | Number |
| N/A | <account> | Text/String |