Secure Shell Message

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Secure Shell Message | Base Rule | General Information | Information |
| Invalid User | Sub Rule | User Logon Failure : Bad Username | Authentication Failure |
| Authenicated | Sub Rule | Authentication Activity | Authentication Success |
| Authentication Failure | Sub Rule | User Logon Failure | Authentication Failure |
| PAM Authentication Failure | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Secure FTP Request | Sub Rule | Secure FTP Request | Other Audit Success |
| Account Does Not Exist | Sub Rule | User Logon Failure : Bad Username | Authentication Failure |
| Bad Protocol Identification | Sub Rule | Bad Protocol Identification | Warning |
| Port Listening | Sub Rule | Port Listening | Information |
| Command Returned A Password | Sub Rule | Authentication Activity | Authentication Success |
| User Password Checked | Sub Rule | Authentication Activity | Authentication Success |
| Error Retrieving User Information | Sub Rule | Authentication Failure Activity | Authentication Failure |
| Getting Password | Sub Rule | Password Entry | Other Audit |
| User Granted Access | Sub Rule | User Logon | Authentication Success |
| User OK | Sub Rule | User Logon | Authentication Success |
| Host/IP Mismatch | Sub Rule | Common Name Mismatch | Error |
| Check Pass : Unknown User | Sub Rule | User Logon Failure : Bad Username | Authentication Failure |
| Connection Terminated By Client Messages | Sub Rule | Connection Terminated | Network Traffic |

Mapping with LogRhythm Schema  

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <dname> | Text/String |
| N/A | <process> | Text/String |
| N/A | <processid> | numeric |
| N/A | <command> | Text/String |
| N/A | <sip> | Number |
| N/A | <sport> | Number |
| N/A | <tag2> | String |
| N/A | <tag1> | Text/String |
| N/A | <tag3> | Text/String |
| N/A | <login> | Text/String |
| N/A | <sname> | Text/String/Number |
| N/A | <subject> | Text/String |