Classification
|
Rule Name |
Rule Type |
Classification |
Common Event |
|---|---|---|---|
|
Userhelper And Shutdown |
Base Rule |
Other Audit Success |
General Audit |
|
User Modification |
Sub Rule |
Account Modified |
User Account Attribute Modified |
|
System Shutdown |
Sub Rule |
Startup and Shutdown |
System Shutdown |
|
Package Installation |
Sub Rule |
Configuration |
Software Installed |
|
System Reboot |
Sub Rule |
Startup and Shutdown |
System Restarted |
|
User Using Root Privileges |
Sub Rule |
Authentication Success |
Authentication Activity |
Mapping with LogRhythm Schema
|
Device Key in Log Message |
LogRhythm Schema |
Data Type |
|
N/A |
<login> |
Text\String |
|
N/A |
<tag1> |
Text\String |