Skip to main content
Skip table of contents

Pattern 12 : General WMWare Messages

Vendor Documentation

https://www.vmware.com/in/products/esxi-and-esx.html

https://www.vmware.com/topics/glossary/content/bare-metal-hypervisor

Classification

Rule Name

Rule Type

Common Event

Classification
Pattern 12 : General WMWare MessagesBase RuleGeneral OperationsOther Operations
XINETD : Process StartedSub RuleProcess/Service StartedStartup and Shutdown
SSHD : Built ConnectionSub RuleConnection BuiltNetwork Traffic
SSHD : Administrator Failed PasswordSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
VMWARE-HOSTD : RedirectionSub RuleRedirectionInformation
VMWARE-HOSTD : Process FoundSub RuleProcess FoundInformation
VMWARE-HOSTD : Administrator Password AcceptedSub RuleAuthentication ActivityAuthentication Success
VMWARE-HOSTD : Password AcceptedSub RuleAuthentication ActivityAuthentication Success
SSHD : Authentication FailureSub RuleUser Logon FailureAuthentication Failure
SSHD : Failed PasswordSub RuleUser Logon FailureAuthentication Failure
SSHD : Multiple Authentication FailuresSub RuleUser Logon FailureAuthentication Failure

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData Type
process<process>Text/String
tag1<tag1>Text/String
object<object>Text/String
sip<sip>IP Address
login<login>Text/String
dip<dip>IP Address
dport<dport>Number
amount<amount>Number
session<session>Text/String/Number
dname<dname>Text/String
sport<sport>Number
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close