Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|---|---|---|---|
|
SSH Authentication |
Base Rule |
Authentication Success |
User Logon |
|
SSH Authentication : Failed Root |
Sub Rule |
Authentication Failure |
User Logon Failure |
|
SSH Authentication : Accepted Root |
Sub Rule |
Authentication Success |
User Logon |
|
SSH Authentication : Accepted |
Sub Rule |
Authentication Success |
User Logon |
|
SSH Authentication : Failed |
Sub Rule |
Authentication Failure |
User Logon Failure |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<protname> |
Text\String |
|
N/A |
<login> |
Text\String |
|
N/A |
<tag1> |
Text\String |
|
N/A |
<sip> |
Number |
|
N/A |
<sport> |
Number |