Pattern 14 : SSH Connections

Classification

| RuleName | RuleType | CommonEvent | Classification |
|---|---|---|---|
| Pattern 14 : SSH Connections | Base Rule | General Operations | Other Operations |
| Authentication Failure : Application | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Authentication Failure : Protocol Error | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Authentication Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Authentication Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Authentication Failure : Invalid Password | Sub Rule | User Logon Failure : Bad Password | Authentication Failure |
| Failure To Resolve Remote Hostname | Sub Rule | Failure To Resolve Remote Hostname | Error |
| Conversation Failure | Sub Rule | Conversation Failure | Other Audit Failure |
| Login Success | Sub Rule | User Logon | Authentication Success |
| No Acount Present For User | Sub Rule | User Logon Failure : Bad Username | Authentication Failure |
| User Does Not Exist : Faking Authentication | Sub Rule | User Logon Failure | Authentication Failure |
| Authentication Failed For User | Sub Rule | User Logon Failure | Authentication Failure |
| User Does Not Exist Or Info Unavailable | Sub Rule | User Logon Failure | Authentication Failure |
| User Does Not Exist Or Info Retrieval Failed | Sub Rule | User Logon Failure | Authentication Failure |
| Policy Allowed Connection | Sub Rule | Traffic Allowed by Proxy | Network Allow |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vmid> | Text\String |
| N/A | <login> | Text\String |
| N/A | <session> | Text\String |
| N/A | <sname> | Text\String |
| N/A | <dname> | Text\String |
| N/A | <object> | Text\String |
| N/A | <reason> | Text\String |
| N/A | <tag1> | Text\String |
| N/A | <tag2> | Text\String |
| N/A | sip | Number |
| N/A | dip | Number |
| N/A | sport | Number |
| N/A | dport | Number |
| N/A | responsecode | Number |