Session Status
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Session Status | Base Rule | Session Information | Information |
| Session Started For Root | Sub Rule | Session Started For Root | Other Audit Success |
| Session Closed For Root | Sub Rule | Session Finished For Root | Other Audit Success |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| tag1 | <tag1> | Text/String |
| user | <login> | Text/String |