Pattern 31 : Secure Access Unit Messages
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Identification String Not Received | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Failed To Change Password | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Pattern 31 : Secure Access Unit Messages | Base Rule | General Error | Error |
| Secure Connection Closed | Sub Rule | Connection Closed | Network Traffic |
| SSHD Debug Message | Sub Rule | SSHD Debug Message | Information |
| Unknown Option Error | Sub Rule | Invalid Options | Warning |
| File Or Directory Not Found | Sub Rule | Directory Not Found | Other Operations |
| Accepted Public Key | Sub Rule | Authentication Activity | Authentication Success |
| Accepted PAM | Sub Rule | Authentication Activity | Authentication Success |
| Subsystem Request | Sub Rule | Subsystem Request | Information |
| Postponed Public Key | Sub Rule | Access Object Failure | Access Failure |
| Secure Connection Accepted | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <severity> | Text\String |
| N/A | <login> | Text\String |
| N/A | <process> | Text\String |
| N/A | <processid> | Number |
| N/A | <object> | Text\String |
| N/A | <sip> | Number |
| N/A | <sport> | Number |
| N/A | <tag1> | Text\String |
| N/A | <tag3> | Text\String |