PAM User Authentication
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| PAM User Authentication | Base Rule | Authentication Success | Authentication Activity |
| PAM User Login | Sub Rule | Authentication Success | User Logon |
| PAM User Login Failed | Sub Rule | Authentication Failure | User Logon Failure |
| PAM User Login Failed | Sub Rule | Authentication Failure | User Logon Failure |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | Text/String |
| sudo | <process> | Text/String |
| N/A | <processid> | Number |
| authentication | <tag1> | Text/String |
| for | <login> | Text/String |
| N/A | <account> | Text/String |