SSH Session
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| SSH Session : Closed Root | Sub Rule | Other Operations | SSH Session Closed |
| SSH Session : Closed | Sub Rule | Other Operations | SSH Session Closed |
| SSH Session : Opened Root | Sub Rule | Authentication Success | User Logon |
| SSH Session : Opened | Sub Rule | Authentication Success | User Logon |
| SSH Session | Base Rule | Authentication Success | Authentication Activity |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| user | <login> | Text\String |
| session | <tag1> | Text\String |