Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|---|---|---|---|
|
Pattern 5 : Solaris 10 Object Access |
Base Rule |
Other Audit Success |
General Audit |
|
Solaris unmount(2) ok |
Sub Rule |
Access Success |
Object Closed |
|
Solaris unmount ok |
Sub Rule |
Access Success |
Object Closed |
|
Solaris unlinkat(2) ok |
Sub Rule |
Access Success |
Object Closed |
|
Solaris unlink(2) ok |
Sub Rule |
Access Success |
Object Closed |
|
Solaris umount2(2) ok |
Sub Rule |
Access Success |
Object Closed |
|
Solaris close(2) ok |
Sub Rule |
Access Success |
Object Closed |
|
Solaris mknod(2) ok |
Sub Rule |
Access Success |
Object Created |
|
Solaris xmknod(2) ok |
Sub Rule |
Access Success |
Object Created |
|
Solaris symlink(2) ok |
Sub Rule |
Access Success |
Object Created |
|
Solaris creat(2) ok |
Sub Rule |
Access Success |
Object Created |
|
Solaris renameat(2) ok |
Sub Rule |
Access Success |
Object Renamed |
|
Solaris rename(2) ok |
Sub Rule |
Access Success |
Object Renamed |
|
Solaris writevl(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris writev(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris writel(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris write(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris execve(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris exec(2) ok |
Sub Rule |
Access Success |
Command Executed |
|
Solaris General Successful Access |
Sub Rule |
Access Success |
Object Accessed |
|
Solaris semgetl(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris semget(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris semctl(2) - IPC_STAT command ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris semctl(2) - GETZCNT command ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris semctl(2) - GETVAL command ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris semctl(2) - GETPID command ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris getportaudit(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris getkernstate(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris getdents(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris xstat(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris sysinfo(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris open(2) - read,creat ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris open(2) - read ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris nfs_getfh(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris msgctl(2) - IPC_STAT command ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris ioctl(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris getuseraudit(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris open(2) - read,write,trunc ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris open(2) - read,write,creat,trunc ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris open(2) - read,write,creat ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris open(2) - read,write ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris open(2) - read,trunc ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris open(2) - read,creat,trunc ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris openat(2) - read,creat ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris openat(2) - read ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris open(2) - write,trunc ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris open(2) - write,creat,trunc ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris open(2) - write,creat ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris open(2) - write ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris openat(2) - read,write,trunc ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris openat(2) - read,write,creat,trunc ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris openat(2) - read,write,creat ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris openat(2) - read,write ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris openat(2) - read,trunc ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris openat(2) - read,creat,trunc ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris read(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris p_online(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris openat(2) - write,trunc ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris openat(2) - write,creat,trunc ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris openat(2) - write,creat ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris openat(2) - write ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris semctl(2) - GETNCNT command ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris semctl(2) - GETALL command ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris readvl(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris readv(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris readlink(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris readl(2) ok |
Sub Rule |
Access Success |
Object Read |
|
Solaris rmdir(2) ok |
Sub Rule |
Access Success |
Object Deleted/Removed |
|
Solaris delete serial port ok |
Sub Rule |
Access Success |
Object Deleted/Removed |
|
Solaris delete printer ok |
Sub Rule |
Access Success |
Object Deleted/Removed |
|
Solaris delete network attributes ok |
Sub Rule |
Access Success |
Object Deleted/Removed |
|
Solaris delete filesystem ok |
Sub Rule |
Access Success |
Object Deleted/Removed |
|
Solaris rmdir(2) failed |
Sub Rule |
Access Failure |
Delete/Remove Object Failure |
|
Solaris delete serial port failed |
Sub Rule |
Access Failure |
Delete/Remove Object Failure |
|
Solaris delete printer failed |
Sub Rule |
Access Failure |
Delete/Remove Object Failure |
|
Solaris delete network attributes failed |
Sub Rule |
Access Failure |
Delete/Remove Object Failure |
|
Solaris delete filesystem failed |
Sub Rule |
Access Failure |
Delete/Remove Object Failure |
|
Solaris socket(2) failed |
Sub Rule |
Access Failure |
Create Object Failure |
|
Solaris fchownat(2) failed |
Sub Rule |
Access Failure |
Modify Object Failure |
|
Solaris fchown(2) failed |
Sub Rule |
Access Failure |
Modify Object Failure |
|
Solaris writevl(2) failed |
Sub Rule |
Access Failure |
Modify Object Failure |
|
Solaris writev(2) failed |
Sub Rule |
Access Failure |
Modify Object Failure |
|
Solaris writel(2) failed |
Sub Rule |
Access Failure |
Modify Object Failure |
|
Solaris write(2) failed |
Sub Rule |
Access Failure |
Modify Object Failure |
|
Solaris unmount(2) failed |
Sub Rule |
Access Failure |
Close Object Failure |
|
Solaris unmount failed |
Sub Rule |
Access Failure |
Close Object Failure |
|
Solaris unlinkat(2) failed |
Sub Rule |
Access Failure |
Close Object Failure |
|
Solaris unlink(2) failed |
Sub Rule |
Access Failure |
Close Object Failure |
|
Solaris umount2(2) failed |
Sub Rule |
Access Failure |
Close Object Failure |
|
Solaris close(2) failed |
Sub Rule |
Access Failure |
Close Object Failure |
|
Solaris xstat(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris sysinfo(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris semgetl(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris semget(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris readvl(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris readv(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris getuseraudit(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris getportaudit(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris getkernstate(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris getdents(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris auditstat(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris open(2) - read,trunc failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris open(2) - read,creat,trunc failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris open(2) - read,creat failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris open(2) - read failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris nfs_getfh(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris ioctl(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris open(2) - write,creat failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris open(2) - write failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris open(2) - read,write,trunc failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris open(2) - read,write,creat,trunc failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris open(2) - read,write,creat failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris open(2) - read,write failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris openat(2) - read,trunc failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris openat(2) - read,creat,trunc failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris openat(2) - read,creat failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris openat(2) - read failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris open(2) - write,trunc failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris open(2) - write,creat,trunc failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris openat(2) - write,creat failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris openat(2) - write failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris openat(2) - read,write,trunc failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris openat(2) - read,write,creat,trunc failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris openat(2) - read,write,creat failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris openat(2) - read,write failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris readlink(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris readl(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris read(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris p_online(2) failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris openat(2) - write,trunc failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris openat(2) - write,creat,trunc failed |
Sub Rule |
Access Failure |
Access Object Failure |
|
Solaris renameat(2) failed |
Sub Rule |
Access Failure |
Rename Object Failure |
|
Solaris rename(2) failed |
Sub Rule |
Access Failure |
Rename Object Failure |
|
Solaris semctl(2) - IPC_STAT command failed |
Sub Rule |
Access Failure |
Command Execution Failure |
|
Solaris semctl(2) - GETZCNT command failed |
Sub Rule |
Access Failure |
Command Execution Failure |
|
Solaris semctl(2) - GETVAL command failed |
Sub Rule |
Access Failure |
Command Execution Failure |
|
Solaris semctl(2) - GETPID command failed |
Sub Rule |
Access Failure |
Command Execution Failure |
|
Solaris semctl(2) - GETNCNT command failed |
Sub Rule |
Access Failure |
Command Execution Failure |
|
Solaris semctl(2) - GETALL command failed |
Sub Rule |
Access Failure |
Command Execution Failure |
|
Solaris msgctl(2) - IPC_STAT command failed |
Sub Rule |
Access Failure |
Command Execution Failure |
|
Solaris execve(2) failed |
Sub Rule |
Access Failure |
Command Execution Failure |
|
Solaris exec(2) failed |
Sub Rule |
Access Failure |
Command Execution Failure |
|
Solaris fchownat(2) ok |
Sub Rule |
Policy |
Policy Modified : Object |
|
Solaris fchown(2) ok |
Sub Rule |
Policy |
Policy Modified : Object |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<vmid> |
Number |
|
N/A |
<sip> |
Number |
|
N/A |
<sname> |
Text\String |
|
N/A |
<login> |
Text\String |
|
N/A |
<session> |
Text\String |
|
N/A |
<object> |
Text\String |
|
N/A |
<tag1> |
Text\String |