SSHD Messages 1
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| SSHD Messages | Base Rule | SSHD Information Message | Information |
| SSHD : Unknown Host | Sub Rule | Unknown Host | Information |
| SSHD : Terminating Session | Sub Rule | SSH Session Closed | Other Operations |
| SSHD : Authentication Failure | Sub Rule | User Logon Failure | Authentication Failure |
| SSHD : Session Opened | Sub Rule | SSH Session Opened | Network Traffic |
| SSHD : Session Closed | Sub Rule | SSH Session Closed | Other Operations |
| SSHD : Server Listening | Sub Rule | Server Listening On IP And Port | Information |
| SSHD : Received Disconnect | Sub Rule | Session Disconnected | Other Audit Success |
| SSHD : Failed Password | Sub Rule | User Logon Failure : Bad Password | Authentication Failure |
| SSHD : Connection Closed | Sub Rule | SSH Session Closed | Other Operations |
| SSHD : Cannot Bind Any Address | Sub Rule | Cannot Bind Connection | Error |
| SSHD : Bind To Port Failed | Sub Rule | Failed To Bind Port | Warning |
| SSHD : Authentication Failures | Sub Rule | User Logon Failure | Authentication Failure |
| SSHD : Accepted Password | Sub Rule | User Logon | Authentication Success |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <severity> | Text\String |
| N/A | <dname> | Text\String |
| N/A | <sname> | Text\String |
| N/A | <sip> | IP Address |
| N/A | <dip> | IP Address |
| N/A | <sport> | Number |
| N/A | <dport> | Number |
| N/A | <protname> | Text\String |
| N/A | <login> | Text\String |
| N/A | <session> | Text\String |
| N/A | <process> | Text\String |
| N/A | <processid> | Number |
| N/A | <object> | Number |
| N/A | <subject> | Text\String |
| N/A | <command> | Text\String |
| N/A | <tag1> | Text\String |
| N/A | <tag2> | Text\String |