Userhelper And Shutdown
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Userhelper And Shutdown | Base Rule | Other Audit Success | General Audit |
| User Modification | Sub Rule | Account Modified | User Account Attribute Modified |
| System Shutdown | Sub Rule | Startup and Shutdown | System Shutdown |
| Package Installation | Sub Rule | Configuration | Software Installed |
| System Reboot | Sub Rule | Startup and Shutdown | System Restarted |
| User Using Root Privileges | Sub Rule | Authentication Success | Authentication Activity |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type |
| N/A | <login> | Text\String |
| N/A | <tag1> | Text\String |