SSH Login Audit
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| SSH Login Audit | Base Rule | SSH User Authentication Status Information | Information |
| SSH : Authname | Sub Rule | SSH User Authentication Status Information | Information |
| SSH : Version | Sub Rule | SSH User Authentication Status Information | Information |
| SSH : Key Exchange | Sub Rule | SSH User Authentication Status Information | Information |
| SSH : Connection Statistics | Sub Rule | SSHD Information Message | Information |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <severity> | Text\String |
| N/A | <dip> | IP Address |
| N/A | <dport> | Number |
| N/A | <login> | Text\String |
| N/A | <process> | Text\String |
| N/A | <processid> | Number |
| N/A | <object> | Text\String |
| N/A | <objectname> | Text\String |
| N/A | <version> | Number |
| N/A | <bytesin> | Number |
| N/A | <bytesout> | Number |
| N/A | <duration> | Number |
| N/A | <tag1> | Number |