SU Command Completed
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| SU Command Completed | Base Rule | Authentication Activity | Authentication Success |
| SU Command | Sub Rule | Authentication Activity | Authentication Success |
| Failed SU To Root | Sub Rule | User Logon Failure | Authentication Failure |
| SU To Root | Sub Rule | User Logon | Authentication Success |
| Failed SU Command | Sub Rule | User Logon Failure | Authentication Failure |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <sip> | Number |
| N/A | <dname> | String |
| N/A | <account> | String |
| N/A | <tag1> | String |
| N/A | <login> | String |
| N/A | <object> | String |