Pattern 12 : General WMWare Messages

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Pattern 12 : General WMWare Messages | Base Rule | General Operations | Other Operations |
| XINETD : Process Started | Sub Rule | Process/Service Started | Startup and Shutdown |
| SSHD : Built Connection | Sub Rule | Connection Built | Network Traffic |
| SSHD : Administrator Failed Password | Sub Rule | User Logon Failure : Bad Password | Authentication Failure |
| VMWARE-HOSTD : Redirection | Sub Rule | Redirection | Information |
| VMWARE-HOSTD : Process Found | Sub Rule | Process Found | Information |
| VMWARE-HOSTD : Administrator Password Accepted | Sub Rule | Authentication Activity | Authentication Success |
| VMWARE-HOSTD : Password Accepted | Sub Rule | Authentication Activity | Authentication Success |
| SSHD : Authentication Failure | Sub Rule | User Logon Failure | Authentication Failure |
| SSHD : Failed Password | Sub Rule | User Logon Failure | Authentication Failure |
| SSHD : Multiple Authentication Failures | Sub Rule | User Logon Failure | Authentication Failure |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| process | <process> | Text/String |
| tag1 | <tag1> | Text/String |
| object | <object> | Text/String |
| sip | <sip> | IP Address |
| login | <login> | Text/String |
| dip | <dip> | IP Address |
| dport | <dport> | Number |
| amount | <amount> | Number |
| session | <session> | Text/String/Number |
| dname | <dname> | Text/String |
| sport | <sport> | Number |