SMTP Authentication
Vendor Documentation
Classification
| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| SMTP Authentication | Base Rule | Audit/Authentication Success | Authentication Activity |
| SMTP Authentication Failed | Sub Rule | Audit/Authentication Failure | User Logon Failure |
| SMTP Authentication Succeeded | Sub Rule | Audit/Authentication Success | User Logon |
| SMTP Authentication Not Initiated By Host | Sub Rule | Audit/Authentication Failure | Authentication Failure Activity |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| | <protname> | Text\String | |
| | <account> | Text\String | |
| ICID | <processid> | Number | |
| | <object> | Text\String | |
| | <tag1> | Text\String | |