Skip to main content
Skip table of contents

Pattern 14 : SSH Connections

Classification

RuleNameRuleTypeCommonEventClassification
Pattern 14 : SSH ConnectionsBase RuleGeneral OperationsOther Operations
Authentication Failure : ApplicationSub RuleAuthentication Failure ActivityAuthentication Failure
Authentication Failure : Protocol ErrorSub RuleAuthentication Failure ActivityAuthentication Failure
Authentication FailureSub RuleAuthentication Failure ActivityAuthentication Failure
Authentication FailureSub RuleAuthentication Failure ActivityAuthentication Failure
Authentication Failure : Invalid PasswordSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
Failure To Resolve Remote HostnameSub RuleFailure To Resolve Remote HostnameError
Conversation FailureSub RuleConversation FailureOther Audit Failure
Login SuccessSub RuleUser LogonAuthentication Success
No Acount Present For UserSub RuleUser Logon Failure : Bad UsernameAuthentication Failure
User Does Not Exist : Faking AuthenticationSub RuleUser Logon FailureAuthentication Failure
Authentication Failed For UserSub RuleUser Logon FailureAuthentication Failure
User Does Not Exist Or Info UnavailableSub RuleUser Logon FailureAuthentication Failure
User Does Not Exist Or Info Retrieval FailedSub RuleUser Logon FailureAuthentication Failure
Policy Allowed ConnectionSub RuleTraffic Allowed by ProxyNetwork Allow

Mapping with LogRhythm Schema  

Device Key in Log MessageLogRhythm SchemaData Type
N/A<vmid>Text\String
N/A<login>Text\String
N/A<session>Text\String
N/A<sname>Text\String
N/A<dname>Text\String
N/A<object>Text\String
N/A<reason>Text\String
N/A

<tag1>

Text\String
N/A<tag2>Text\String
N/AsipNumber
N/AdipNumber
N/AsportNumber
N/AdportNumber
N/AresponsecodeNumber
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close