SSH Authentication
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| SSH Authentication | Base Rule | Authentication Success | User Logon |
| SSH Authentication : Failed Root | Sub Rule | Authentication Failure | User Logon Failure |
| SSH Authentication : Accepted Root | Sub Rule | Authentication Success | User Logon |
| SSH Authentication : Accepted | Sub Rule | Authentication Success | User Logon |
| SSH Authentication : Failed | Sub Rule | Authentication Failure | User Logon Failure |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <protname> | Text\String |
| N/A | <login> | Text\String |
| N/A | <tag1> | Text\String |
| N/A | <sip> | Number |
| N/A | <sport> | Number |