Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Server Stopping | Sub Rule | System Shutdown | Startup and Shutdown |
| Server File Closed | Sub Rule | Object Closed | Access Success |
| Directory Closed | Sub Rule | Object Closed | Access Success |
| Session Channel Closed | Sub Rule | Object Closed | Access Success |
| File Created | Sub Rule | Object Created | Access Success |
| File Renamed | Sub Rule | Object Renamed | Access Success |
| SSH Server Messages | Base Rule | Connection Information | Information |
| Server Starting | Sub Rule | Process/Service Starting | Startup and Shutdown |
| Connection Established | Sub Rule | Connection Established | Network Traffic |
| File Attributes Set | Sub Rule | Object Attribute Modified | Access Success |
| Server File Information Retrieved | Sub Rule | Object Accessed | Access Success |
| Server File Information Retrieved | Sub Rule | Object Accessed | Access Success |
| Server File Information Retrieved | Sub Rule | Object Accessed | Access Success |
| File Upload Begin | Sub Rule | Object Accessed | Access Success |
| File Upload End | Sub Rule | Object Accessed | Access Success |
| Server Disconnected | Sub Rule | Received Disconnect | Other Operations |
| Server Disconnected | Sub Rule | Received Disconnect | Other Operations |
| Server Opened File | Sub Rule | Object Read | Access Success |
| Directory Opened | Sub Rule | Object Read | Access Success |
| File Read | Sub Rule | Object Read | Access Success |
| Session Channel Open | Sub Rule | Object Read | Access Success |
| Server Connected | Sub Rule | Server Connection Restored | Information |
| Failed To Resolve Hostname | Sub Rule | Failed To Resolve Host | Error |
| Login | Sub Rule | User Logon | Authentication Success |
| Login | Sub Rule | User Logon | Authentication Success |
| Login | Sub Rule | User Logon | Authentication Success |
| Login | Sub Rule | User Logon | Authentication Success |
| Logout | Sub Rule | User Logoff | Authentication Success |
| Login Failure | Sub Rule | User Logon Failure | Authentication Failure |
| File Download Begin | Sub Rule | Object Downloaded | Access Success |
| File Download End | Sub Rule | Object Downloaded | Access Success |
| Server File Information Retrieval Failed | Sub Rule | Read Object Failure | Access Failure |
| Connection Denied | Sub Rule | Traffic Denied by Host Firewall | Network Deny |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <vmid> | Text\String |
| N/A | <login> | Text\String |
| N/A | <session> | Text\String |
| N/A | <sname> | Text\String |
| N/A | <dname> | Text\String |
| N/A | <object> | Text\String |
| N/A | <reason> | Text\String |
| N/A | <tag1> | Text\String |
| N/A | <tag2> | Text\String |
| N/A | <sip> | Number |
| N/A | <dip> | Number |
| N/A | <sport> | Number |
| N/A | <dport> | Number |
| N/A | <responsecode> | Number |