SSHD Connection
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| SSHD Connection | Base Rule | Network Traffic | Connection Established |
| SSHD Connection Opened From Host | Sub Rule | Network Traffic | Inbound Connection Established |
| Closing SSHD Connection To Host | Sub Rule | Network Traffic | Inbound Connection Closed |
| Connection Closed By User | Sub Rule | Other Audit Success | Client Connection Closed |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| SAU2 | <severity> | Text/String |
| Oct 23 15:31:20 | <dname> | Text/String |
| N/A | <process> | Text/String |
| N/A | <processid> | Number |
| N/A | <tag1> | Text/String |
| N/A | <sip> | Number |
| N/A | <sport> | Number |
| N/A | <login> | Text/String |