Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Identity Awareness | Base Rule | General Firewall Log | Network Traffic |
| Identity Awareness : Control Traffic | Sub Rule | General Firewall Log | Network Traffic |
| Identity Awareness : Update | Sub Rule | Software Updated | Configuration |
| Identity Awareness : Logout | Sub Rule | User Logoff | Authentication Success |
| Identity Awareness : AuthCrypt Failed | Sub Rule | User Logon Failure | Authentication Failure |
| Identity Awareness : Authcrypt Success | Sub Rule | User Logon | Authentication Success |
| Identity Awareness : Login | Sub Rule | User Logon | Authentication Success |
| Identity Awareness : Logoff | Sub Rule | User Logoff | Authentication Success |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Product | <version> | Number/Text |
| Origin | <sender> | Number/Text |
| Action | <action> | Number/Text |
| Action | <tag1> | Number/Text |
| SIP | <sip> | Number |
| SPort | <sport> | Number |
| DIP | <dip> | Number |
| DPort | <dport> | Number |
| Protocol | <protname> | Number/Text |
| IFName | <sinterface> | Number |
| IFDirection | <tag2> | Number/Text |
| Info | <vendorinfo> | Number/Text |
| XlateSIP | <snatip> | Number/Text |
| XlateDIP | <dnatip> | Number/Text |
| User | <login> | Number/Text |
| src_user_name | <login> | Number/Text |
| domain_name | <domain> | Number/Text |
| termination_reason | <reason> | Text/String |
| duration | <milliseconds> | Number |
| identity_type | <objecttype> | Text/String |
| description | <vendorinfo> | Number/Text |
| auth_status | <status> | Text/String |
| auth_method | <sessiontype> | Number/Text |
| src_user_group | <group> | Number/Text |
| src_machine_name | <sname> | Number/Text |
| PolicyName | <policy> | Number/Text |