Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|---|---|---|---|
|
LastLog Messages |
Base Rule |
Information |
General Authentication Information |
|
Terminal LastLog Message |
Sub Rule |
Other Audit |
LastLog Terminal Session |
|
LastLog Logoff |
Sub Rule |
Authentication Success |
User Logoff |
|
LastLog User Still Logged In |
Sub Rule |
Information |
User Still Logged In |
|
Terminal User Still Logged In |
Sub Rule |
Other Audit |
LastLog Terminal Session |
Mapping with LoghRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<login> |
Text\String |
|
N/A |
<sip> |
IP Address |
|
N/A |
<object> |
Text\String |
|
N/A |
<tag1> |
Text\String |