Pattern 4 : PGP Admin Messages
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| PGP Admin : Email From Address Is A Required Field | Sub Rule | Warning | Email Delivery User Unknown |
| PGP Admin : SMS Is A Required Field | Sub Rule | Warning | General SMS Warning |
| PGP Admin : Test LDAP Connection Succeed | Sub Rule | Information | Performing LDAP Connectivity Tests |
| PGP Admin : Using Passphrase Login Successfully | Sub Rule | Authentication Success | User Logon |
| PGP Admin : Failed Login Attempt | Sub Rule | Authentication Failure | User Logon Failure |
| PGP Admin : Initiated Service Restart | Sub Rule | Startup and Shutdown | Process/Service Restarting |
| PGP Admin : Changed External Syslog Configuration | Sub Rule | Configuration | Configuration Modified : System |
| Pattern 4 : PGP Admin Messages | Base Rule | Information | General PGP Message |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| LOC5 | <severity> | Text/String |
| N/A | <dname> | Text/String |
| N/A | <process> | Text/String |
| N/A | <processid> | Number |
| N/A | <object> | Text/String |
| N/A | <tag1> | Text/String |
| N/A | <tag2> | Text/String |
| N/A | <tag3> | Text/String |
| N/A | <sip> | Number |
| N/A | <sname> | Text/String |
| N/A | <sport> | Number |
| N/A | <login> | Text/String |