Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Pattern 2 : PIX Authentications | Base Rule | Authentication Activity | Authentication Success |
| PIX-X-719023 : User Not Successfully Authenticated | Sub Rule | Access Object Failure | Access Failure |
| PIX-X-719022 : User Has Been Authenticated | Sub Rule | User Logon | Authentication Success |
| PIX-X-719021 : User Is Not Checked Against ACL | Sub Rule | Reconnaissance Activity | Reconnaissance |
| PIX-X-719020 : Authorization Completed | Sub Rule | Access Granted Activity | Access Granted |
| PIX-X-719019 : Authorization Failed | Sub Rule | Authentication Failure Activity | Authentication Failure |
| PIX-X-719018 : ACL ID Not Found | Sub Rule | ACL Not Found | Error |
| PIX-X-719017 : Invalid Dynamic ACL | Sub Rule | Reconnaissance Activity | Reconnaissance |
| PIX-X-716023 : Session Could Not Be Established | Sub Rule | Session Error | Error |
| PIX-X-713198 : User Authorization Failed | Sub Rule | User Logon Failure | Authentication Failure |
| PIX-X-611103 : User Logged Out | Sub Rule | User Logoff | Authentication Success |
| PIX-X-611102 : User Authentication Failed | Sub Rule | Authentication Failure Activity | Authentication Failure |
| PIX-X-611101 : User Authentication Succeeded | Sub Rule | User Logon | Authentication Success |
| PIX-X-113018 : Unsupported Downloaded ACL | Sub Rule | Unsupported ACL | Warning |
| PIX-X-113017 : AAA Credentials Rejected | Sub Rule | User Logon Failure | Authentication Failure |
| PIX-X-113015 : AAA User Authentication Rejected | Sub Rule | Authentication Failure Activity | Authentication Failure |
| PIX-X-113013 : AAA Unable to Complete the Request | Sub Rule | Failed to Complete Request | Error |
| PIX-X-113012 : AAA User Authentication Successful | Sub Rule | User Logon | Authentication Success |
| PIX-X-113011 : AAA Retrieved Group Policy | Sub Rule | User Policy Retrieved | Other Audit |
| PIX-X-113010 : AAA Challenge Received for User | Sub Rule | Authentication Activity | Authentication Success |
| PIX-X-113009 : AAA Retrieved Default Group Policy | Sub Rule | Group Policy Retrieved | Other Audit Success |
| PIX-X-113008 : AAA Transaction Status ACCEPT | Sub Rule | Transaction Accepted | Other Audit Success |
| PIX-X-113007 : User Unlocked by Administrator | Sub Rule | Account Unlocked | Access Granted |
| PIX-X-113006 : User Locked Out | Sub Rule | Account Locked | Access Revoked |
| PIX-X-113003 : AAA Group Policy Being Set | Sub Rule | Policy Enabled : Domain | Policy |
| PIX-X-111009 : User Executed | Sub Rule | Command Executed | Access Success |
| PIX-X-111008 : User Executed the Command | Sub Rule | Command Executed | Access Success |
| PIX-X-109016 : Cant Find Authorization ACL | Sub Rule | Reconnaissance Activity | Reconnaissance |
| PIX-X-109012 : Auth Session End | Sub Rule | Authentication Activity | Authentication Success |
| PIX-X-109011 : Auth Session Start | Sub Rule | Authentication Activity | Authentication Success |
| Attempt To Send IKE Packet from Standby Unit | Sub Rule | Attempt to Send IKE Packet from Standby Unit | Information |
| PIX-X-113005 : Authentication Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
| PIX-X-113004 : Authentication Success | Sub Rule | User Logon | Authentication Success |
| ASA-X-111008 : Shun | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| ASA-X-111008 : No Shun | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vmid> | Number |
| N/A | <sip> | Number |
| N/A | <severity> | Number |
| N/A | <login> | Text/String |
| N/A | <session> | Number |
| N/A | <object> | Text/String |
| N/A | <threatname> | Text/String |
| N/A | <group> | Text/String |
| N/A | <command> | Text/String |