Classification
|
Rule Name |
Rule type |
classification |
common event |
|---|---|---|---|
|
General Switch User (su) |
Base Rule |
Authentication Success |
Authentication Activity |
|
Successful Switch User (su) |
Sub Rule |
Authentication Success |
Authentication Activity |
|
Failed Switch User |
Sub Rule |
Authentication Failure |
User Logon Failure |
|
Failed SU Root Access |
Sub Rule |
Authentication Failure |
User Logon Failure |
|
Successful SU Root Access |
Sub Rule |
Authentication Success |
Authentication Activity |
Mapping with LogRhythm Schema
|
Device Key in log message |
LogRhythm Schema |
Data Type |
|---|---|---|
|
2011-07-06T01:20:02-05:00 |
<dname> |
Text/String |
|
su |
<tag1> |
Text/String |
|
N/A |
<login> |
Text/String |
|
to |
<account> |
Text/String |