Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Authentication Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Connection Closed | Sub Rule | Connection Closed | Network Traffic |
| Pattern 19 : Informational Messages | Base Rule | General Syslog Information | Information |
| SMTP Server Not Issuing Commands | Sub Rule | SMTP Warning | Warning |
| Segmentation Fault | Sub Rule | Segmentation Fault | Error |
| Received Disconnect | Sub Rule | Disconnect Request Received | Information |
| SFTP Request Received | Sub Rule | SFTP Request | Information |
| UUID Functionality Is Not Supported | Sub Rule | UUID Not Supported | Information |
| Accepted Keyboard Interactive/Pam | Sub Rule | User Logon | Authentication Success |
| Failed Login - Illegal User | Sub Rule | User Logon Failure : Bad Username | Authentication Failure |
| Accepted Publickey | Sub Rule | Authentication Activity | Authentication Success |
| Superuser Accepted Publickey | Sub Rule | Authentication Activity | Authentication Success |
| Yum Informational Message | Sub Rule | Yum Logs | Information |
| Subsystem Request | Sub Rule | Subsystem Request | Information |
| General Login Counter Message | Sub Rule | General Login Counter Message | Information |
| Login Counter Message : Tally Underflow | Sub Rule | Login Counter Underflow | Warning |
| Did Not Receive Identification String | Sub Rule | Did Not Receive Identification String | Information |
| Write Failed | Sub Rule | Write Failed | Error |
| General Pam_Access | Sub Rule | General PAM_Access Message | Information |
| General PAM_Securetty | Sub Rule | General PAM_SecureTTY Message | Information |
| Failed Login | Sub Rule | User Logon Failure | Authentication Failure |
| General PAM_Securetty Access Denied | Sub Rule | Access Object Failure | Access Failure |
| Connection Made | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |

Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | Text\String |
| N/A | <login> | Text\String |
| N/A | <dname> | Text\String |
| N/A | <sname> | Text\String |
| N/A | <protname> | Text\String |
| N/A | <object> | Text\String |
| N/A | <subject> | Text\String |
| N/A | <process> | Text\String |
| N/A | <processid> | Number |
| N/A | <tag2> | Text\String |
| N/A | <tag3> | Text\String |
| N/A | <sip> | Numeric |
| N/A | <sport> | Number |
| N/A | <tag4> | Text\String |