Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Identification String Not Received | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Failed To Change Password | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Pattern 31 : Secure Access Unit Messages | Base Rule | General Error | Error |
| Secure Connection Closed | Sub Rule | Connection Closed | Network Traffic |
| SSHD Debug Message | Sub Rule | SSHD Debug Message | Information |
| Unknown Option Error | Sub Rule | Invalid Options | Warning |
| File Or Directory Not Found | Sub Rule | Directory Not Found | Other Operations |
| Accepted Public Key | Sub Rule | Authentication Activity | Authentication Success |
| Accepted PAM | Sub Rule | Authentication Activity | Authentication Success |
| Subsystem Request | Sub Rule | Subsystem Request | Information |
| Postponed Public Key | Sub Rule | Access Object Failure | Access Failure |
| Secure Connection Accepted | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | Text\String |
| N/A | <login> | Text\String |
| N/A | <process> | Text\String |
| N/A | <processid> | Number |
| N/A | <object> | Text\String |
| N/A | <sip> | Number |
| N/A | <sport> | Number |
| N/A | <tag1> | Text\String |
| N/A | <tag3> | Text\String |