Linux User And Group Addition Or Deletion

Classification

Rule Name | Rule Type | Classification | Common Event |
---|---|---|---|
Linux User And Group Addition Or Deletion | Base Rule | Access Granted | Access Granted Activity |
Linux : User Account Deleted | Sub Rule | Account Deleted | User Account Deleted |
Linux : User Account Created | Sub Rule | Account Created | User Account Created |
Linux : User Password Modified | Sub Rule | Account Modified | Password Modified |
Linux : Group Created | Sub Rule | Account Created | Group Created |
Linux : Account Added To Group | Sub Rule | Access Granted | Account Added To Group |
Linux : User Account Removed From Group | Sub Rule | Access Revoked | Account Removed From Group |
Linux : User Removed From Group | Sub Rule | Access Revoked | Account Removed From Group |
Linux : Group Removed | Sub Rule | Account Deleted | Group Deleted |
Linux : Group File Update | Sub Rule | Account Modified | Group Attribute Modified |

Mapping with LogRhythm Schema

Device Key in Log Message | LogRhythm Schema | Data Type |
---|---|---|
N/A | <severity> | Text\String |
N/A | <sname> | Text\String |
N/A | <login> | Text\String |
N/A | <account> | Text\String |
N/A | <processid> | Number |
N/A | <process> | Text\String |
N/A | <object> | Text\String |
N/A | <objectname> | Text\String |
N/A | <group> | Text\String |
N/A | <tag1> | Text\String |
N/A | <tag2> | Text\String |