Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Identity Logging | Base Rule | General User Activity Monitor Event | Other Audit |
| Identity Logging : Logout | Sub Rule | User Logoff | Authentication Success |
| Identity Logging : AuthCrypt Failed | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Identity Logging : Authcrypt | Sub Rule | Authentication Activity | Authentication Success |
| Identity Logging : Control Traffic | Sub Rule | General Network Traffic | Network Traffic |
| Identity Logging : Login | Sub Rule | User Logon | Authentication Success |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Product | <version> | Text/String |
| origin | <sender> | Number/Text |
| Action | <action> | Number/Text |
| Action | <tag1> | Number/Text |
| ifname | <sinterface> | Number/Text |
| ifdirection | <tag2> | Number/Text |
| User | <login> | Number/Text |
| src_machine_name | <sname> | Number/Text |
| sip | <sip> | Number |
| dst_machine_name | <dname> | Number/Text |
| dst_user_name | <account> | Number/Text |
| domain_name | <domainimpacted> | Number/Text |
| termination_reason | <reason> | Number/Text |
| duration | <days> | Number |
| identity_type | <objecttype> | Number/Text |
| endpoint_ip | <dip> | Number |
| information | <vendorinfo> | Number/Text |