Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Secure Shell Message | Base Rule | General Information | Information |
| Invalid User | Sub Rule | User Logon Failure : Bad Username | Authentication Failure |
| Authenicated | Sub Rule | Authentication Activity | Authentication Success |
| Authentication Failure | Sub Rule | User Logon Failure | Authentication Failure |
| PAM Authentication Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Secure FTP Request | Sub Rule | Secure FTP Request | Other Audit Success |
| Account Does Not Exist | Sub Rule | User Logon Failure : Bad Username | Authentication Failure |
| Bad Protocol Identification | Sub Rule | Bad Protocol Identification | Warning |
| Port Listening | Sub Rule | Port Listening | Information |
| Command Returned A Password | Sub Rule | Authentication Activity | Authentication Success |
| User Password Checked | Sub Rule | Authentication Activity | Authentication Success |
| Error Retrieving User Information | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Getting Password | Sub Rule | Password Entry | Other Audit |
| User Granted Access | Sub Rule | User Logon | Authentication Success |
| User OK | Sub Rule | User Logon | Authentication Success |
| Host/IP Mismatch | Sub Rule | Common Name Mismatch | Error |
| Check Pass : Unknown User | Sub Rule | User Logon Failure : Bad Username | Authentication Failure |
| Connection Terminated By Client Messages | Sub Rule | Connection Terminated | Network Traffic |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <dname> | Text/String |
| N/A | <process> | Text/String |
| N/A | <processid> | numeric |
| N/A | <command> | Text/String |
| N/A | <sip> | Number |
| N/A | <sport> | Number |
| N/A | <tag2> | String |
| N/A | <tag1> | Text/String |
| N/A | <tag3> | Text/String |
| N/A | <login> | Text/String |
| N/A | <sname> | Text/String/Number |
| N/A | <subject> | Text/String |