UserConfig Messages
Classification
Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| UserConfig Messages | Base Rule | General Information | Information |
| Users Added To Group | Sub Rule | Account Added To Group | Access Granted |
| Group Attribute Changed | Sub Rule | Group Attribute Modified | Account Modified |
| Group Deleted | Sub Rule | Group Deleted | Account Deleted |
| Group Created | Sub Rule | Group Created | Account Created |
| User Enabled | Sub Rule | Account Enabled | Access Granted |
| User Changed | Sub Rule | User Account Attribute Modified | Account Modified |
| User Created | Sub Rule | User Account Created | Account Created |
| User Deleted | Sub Rule | User Account Deleted | Account Deleted |
| User Disabled | Sub Rule | Account Disabled | Access Revoked |
| User Password Set | Sub Rule | Password Modified | Account Modified |
| Username Changed | Sub Rule | User Account Name Modified | Account Modified |
| Users Removed From Group | Sub Rule | Account Removed From Group | Access Revoked |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <subject> | Text/String |
| N/A | <vmid> | Number/String |
| N/A | <tag2> | Text/String |
| N/A | <account> | Text/String |
| N/A | <group> | Text/String |
| N/A | <tag1> | Text/String |
| N/A | <login> | Text/String |
| N/A | <sip> | IP Address |