Pattern 12 : User/Group Deleted
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Pattern 12 : User/Group Deleted | Base Rule | User Account Deleted | Account Deleted |
| User Account Deleted | Sub Rule | User Account Deleted | Account Deleted |
| User Deleted From Shadow Group | Sub Rule | Account Removed From Group | Access Revoked |
| User Deleted From Group | Sub Rule | Account Removed From Group | Access Revoked |
| Group Deleted | Sub Rule | Group Deleted | Account Deleted |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <account> | Text\String |
| N/A | <group> | Text\String |
| N/A | <tag1> | Text\String |