Interactive Authentication
Classification
Rule Name | Rule type | common event | Classification |
|---|---|---|---|
| Interactive Authentication | Base Rule | User Logon | Authentication Success |
| Keyboard Interactive Authentication Accepted | Sub Rule | User Logon | Authentication Success |
| Keyboard Interactive Authentication Failed | Sub Rule | User Logon Failure | Authentication Failure |
| Password Authentication Accepted | Sub Rule | Authentication Activity | Authentication Success |
| Password Authentication Failed | Sub Rule | User Logon Failure : Bad Password | Authentication Failure |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <dname> | String/Number |
| N/A | <process> | String |
| N/A | <tag2> | String |
| N/A | <tag1> | String |
| N/A | <login> | String |
| N/A | <sipn> | Number |
| N/A | <dip> | Number |
| N/A | <sessiontype> | Text/String |
| N/A | <sport> | Number |