Single Sign On Message
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Single Sign On Message | Base Rule | Authentication Activity | Authentication Success |
| Authenticate Message | Sub Rule | Authentication Activity | Authentication Success |
| User Authentication Success | Sub Rule | User Logon | Authentication Success |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | Text/String |
| N/A | <process> | Text/String |
| user | <domain> | Number/Text |
| N/A | <login> | Number/Text |
| authenticated | <tag1> | Number/Text |
| N/A | <dname> | Number/Text |
| N/A | <object> | Number/Text |