Classification
|
Rule Name |
Rule type |
classification |
common event |
|---|---|---|---|
|
General Failed Login Attempt |
Base Rule |
Audit : Authentication Failure |
User Logon Failure |
|
Failed Anonymous Login Attempt |
Sub Rule |
Authentication Failure |
Authentication Failure Activity |
|
Failed Super User Login |
Sub Rule |
Authentication Failure |
User Logon Failure |
|
AIX Failed Login |
Sub Rule |
Authentication Failure |
User Logon Failure |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
SAU1 |
<severity> |
Text/string |
|
failed login attempt |
<login> |
Text/string |
|
from |
<sname> |
Text/string |
|
from |
<sip> |
Number |