General Failed Login Attempt

Classification

Rule Name	Rule type	classification	common event
General Failed Login Attempt	Base Rule	Audit : Authentication Failure	User Logon Failure
Failed Anonymous Login Attempt	Sub Rule	Authentication Failure	Authentication Failure Activity
Failed Super User Login	Sub Rule	Authentication Failure	User Logon Failure
AIX Failed Login	Sub Rule	Authentication Failure	User Logon Failure

Mapping with LogRhythm Schema  

Device Key in Log Message	LogRhythm Schema	Data Type
SAU1	<severity>	Text/string
failed login attempt	<login>	Text/string
from	<sname>	Text/string
from	<sip>	Number

×