Classification
|
Rule Name |
Rule Type |
Common Event |
Classification |
|
Pattern 3 : PIX Authorization and Authentication |
Base Rule |
Authentication Activity |
Authentication Success |
|
PIX-6-109001 : Authentication Started |
Sub Rule |
Authentication Activity |
Authentication Success |
|
PIX-6-109006 : Authentication Failure |
Sub Rule |
Authentication Failure Activity |
Authentication Failure |
|
PIX-6-109005 : Authentication |
Sub Rule |
Authentication Activity |
Authentication Success |
|
PIX-6-109008 : Authorization Denied |
Sub Rule |
Access Object Failure |
Access Failure |
|
PIX-6-109007 : Authorization Succeeded |
Sub Rule |
Access Granted Activity |
Access Granted |
|
PIX-6-109025 : Authorization Denied ACL |
Sub Rule |
Access Object Failure |
Access Failure |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<vmid> |
Number |
|
N/A |
<sip> |
Number |
|
N/A |
<dip> |
Number |
|
N/A |
<sport> |
Number |
|
N/A |
<dport> |
Number |
|
N/A |
<protname> |
Text/String |
|
N/A |
<login> |
Text/String |