Linux User And Group Addition Or Deletion

Classification

| Rule Name | Rule Type | Classification | Common Event |
| --- | --- | --- | --- |
| Linux User And Group Addition Or Deletion | Base Rule | Access Granted | Access Granted Activity |
| Linux : User Account Deleted | Sub Rule | Account Deleted | User Account Deleted |
| Linux : User Account Created | Sub Rule | Account Created | User Account Created |
| Linux : User Password Modified | Sub Rule | Account Modified | Password Modified |
| Linux : Group Created | Sub Rule | Account Created | Group Created |
| Linux : Account Added To Group | Sub Rule | Access Granted | Account Added To Group |
| Linux : User Account Removed From Group | Sub Rule | Access Revoked | Account Removed From Group |
| Linux : User Removed From Group | Sub Rule | Access Revoked | Account Removed From Group |
| Linux : Group Removed | Sub Rule | Account Deleted | Group Deleted |
| Linux : Group File Update | Sub Rule | Account Modified | Group Attribute Modified |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
| --- | --- | --- |
| N/A | <severity> | Text\String |
| N/A | <sname> | Text\String |
| N/A | <login> | Text\String |
| N/A | <account> | Text\String |
| N/A | <processid> | Number |
| N/A | <process> | Text\String |
| N/A | <object> | Text\String |
| N/A | <objectname> | Text\String |
| N/A | <group> | Text\String |
| N/A | <tag1> | Text\String |
| N/A | <tag2> | Text\String |