Sudo Message

Sudo Message

Base Rule

General Sudo Command

Activity

GDM Configuration System Accessed

Sub Rule

Object Accessed

Access Success

User Modify Command Executed

Sub Rule

User Account Attribute Modified

Account Modified

BASH Shell Executed

Sub Rule

Command Executed

Access Success

Change Owner Command Executed

Sub Rule

Command Executed

Access Success

Passwd Command Executed

Sub Rule

Command Executed

Access Success

Change Mode Command Executed

Sub Rule

Command Executed

Access Success

User Delete Command Executed

Sub Rule

User Account Deleted

Account Deleted

User Add Command Executed

Sub Rule

User Account Created

Account Created

Service Enabled

Sub Rule

Process/Service Started

Startup and Shutdown

Service Disabled

Sub Rule

Process/Service Stopped

Startup and Shutdown

Service Restarted

Sub Rule

Process/Service Restarted

Startup and Shutdown

Device Key in Log Message

LogRhythm Schema

Data Type

Host

<sname>

Text\String

N/A

<dname>

Text\String

N/A

<login>

Text\String

User

<account>

Number

COMMAND

<object>

Text\String

N/A

<tag1>

Text\String

N/A

<tag2>

Text\String