MKUser Sudo Command
Classification
| Rule Name | Rule Type | Common Event | Classification |
| MKUser Sudo Command Executed | Sub Rule | General Sudo Command | Activity |
| MKUser Sudo Command Not Allowed | Sub Rule | Command Execution Failure | Access Failure |
| MKUser Not In Sudoers | Sub Rule | Command Execution Failure | Access Failure |
| MKUser Unable To Resolve Host | Sub Rule | Sudo Unable To Resolve Host | Error |
| MKUser Incorrect Password | Sub Rule | User Logon Failure : Bad Password | Authentication Failure |
| MKUser Sudo Command | Base Rule | General Sudo Command | Activity |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <severity> | Text\String |
| N/A | <login> | Number |
| N/A | <account> | Text\String |
| N/A | <dname> | Text\String |
| N/A | <session> | Text\String |
| N/A | <process> | Text\String |
| N/A | <object> | Text\String |
| N/A | <objectname> | Text\String |
| N/A | <group> | Text\String |
| N/A | <command> | Text\String |
| N/A | <amount> | Number |
| N/A | <tag2> | Text\String |