V 2.0 Admin Authentication And Authorization Event
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
V 2.0 Admin Authentication And Authorization Event | Base Rule | General Authentication Event | Other Audit |
V 2.0 EVID 10000: Handle Incoming Admin Auth Req | Sub Rule | Administrator Authentication Request | Information |
V 2.0 EVID 10001: Incorrect Configuration Version | Sub Rule | Incorrect Configuration Version | Error |
V 2.0 EVID 10002: Failure To Load Appropriate Svc | Sub Rule | General Failed Activity | Failed Activity |
V 2.0 EVID 10003: Admin Auth Rcvd Blank Admin Name | Sub Rule | Authentication Failure Activity | Authentication Failure |
V 2.0 EVID 10004: Admin Auth Rcvd Blank Admin Pwd | Sub Rule | Authentication Failure Activity | Authentication Failure |
V 2.0 EVID 10005: Admin Authenticated Successfull | Sub Rule | Authentication Activity | Authentication Success |
V 2.0 EVID 10006: Admin Authentication Failed | Sub Rule | Authentication Failure Activity | Authentication Failure |
V 2.0 EVID 10007: Admin Auth Failed DB Error | Sub Rule | Authentication Failure Activity | Authentication Failure |
V 2.0 EVID 10008: Received Valid Admin Auth Req | Sub Rule | Administrator Authentication Request | Information |
V 2.0 EVID 10009: Received Admin Auth Request | Sub Rule | Administrator Authentication Request | Information |
V 2.0 EVID 10010: Admin Password Change Reminder | Sub Rule | Password Change Requested | Information |
V 2.0 EVID 10011: Pwd Expired Admin Pwd Change Req | Sub Rule | Password Change Required | Information |
V 2.0 EVID 10012: A/C Inactivity Admin Pwd Change | Sub Rule | Password Change Required | Information |
V 2.0 EVID 10013: Admin A/C Set As Never Disabled | Sub Rule | General Admin Information | Information |
V 2.0 EVID 10014: Admin Account Set To Change Pwd | Sub Rule | Password Change Required | Information |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
pri_num | N/A | N/A | Priority value of the message, a combination of the facility value and the severity value of the message. Priority value = (facility value * 8) + severity value. The valid facility codes are: LOCAL0 (Code = 16), LOCAL1 (Code = 17), LOCAL2 (Code = 18), LOCAL3 (Code = 19), LOCAL4 (Code = 20), LOCAL5 (Code = 21), LOCAL6 (Code = 22; default), LOCAL7 (Code = 23). |
time | N/A | N/A | Date of the message generation, according to the local clock of the originating Cisco ISE server, in the format Mmm DD hh:mm:ss. |
IP address/hostname | N/A | N/A | IP address of the originating Cisco ISE node, or the hostname. |
cat_name | <vendorinfo> | Text/String | Logging category name preceded by the CSCOxxx string. |
msg_id | N/A | N/A | Unique message ID; 1 to 4294967295. The message ID increases by 1 with each new message. Message IDs restart at 1 each time the application is restarted. |
total_seg | N/A | N/A | Total number of segments in a log message. Long messages are divided into more than one segment. Note: The total_seg depends on the Maximum Length setting in the remote logging targets page. See Remote Logging Target Settings. |
seg_num | N/A | N/A | Segment sequence number within a message. Use this number to determine what segment of the message you are viewing. |
timestamp | N/A | N/A | Date of the message generation, according to the local clock of the originating Cisco ISE node, in the following format: YYYY-MM-DD hh:mm:ss:xxx +/-zh:zm. |
sequence_num | N/A | N/A | Global counter of each message. If one message is sent to the local store and the next to the syslog server target, the counter increments by 2. Possible values are 0000000001 to 999999999. |
msg_code | <vmid> <tag1> | Number | Message code as defined in the logging categories. |
msg_sev | <severity> | Text/String | Message severity level of a log message. |
msg_class | <subject> | Text/String | Message class, which identifies groups of messages with the same context. |
msg_text | <action> | Text/String | English language descriptive text message. |
Key1 | N/A | N/A | N/A |
Key2 | N/A | N/A | N/A |
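As an added example (not part of this vendor documentation or of any LogRhythm or Cisco code): a small parser for the field layout in the mapping table above that decomposes pri_num into facility and severity, parses each segment into the table's fields, and reassembles multi-segment messages by msg_id while refusing to emit a message whose segments did not all arrive. The hostname, category name and message text in the sample lines are constructed; only the field order and the EVID values follow the page.

```python
import re
from collections import defaultdict
FACILITIES = {16 + i: f"LOCAL{i}" for i in range(8)}  # LOCAL0..LOCAL7 = 16..23, LOCAL6 default

# Field order follows the Cisco ISE syslog layout in the mapping table above
_ISE = re.compile(
    r"^<(?P<pri_num>\d{1,3})>(?P<time>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<cat_name>\S+) (?P<msg_id>\d+) (?P<total_seg>\d+) (?P<seg_num>\d+) "
    r"(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:\d{3} [+-]\d{2}:\d{2}) (?P<sequence_num>\d+) "
    r"(?P<msg_code>\d+) (?P<msg_sev>\S+) (?P<msg_class>\S+) (?P<msg_text>.*)$")

def split_pri(pri_num):
    # Invert pri_num = facility * 8 + severity; unknown facilities are reported by code
    facility, severity = divmod(pri_num, 8)
    return FACILITIES.get(facility, f"FACILITY{facility}"), severity

def parse_segment(line):
    # One syslog line -> dict of the mapping-table fields, or None if the layout does not match
    m = _ISE.match(line)
    if not m:
        return None
    f = m.groupdict()
    for k in ("pri_num", "msg_id", "total_seg", "seg_num", "sequence_num", "msg_code"):
        f[k] = int(f[k])
    f["facility"], f["severity"] = split_pri(f["pri_num"])
    return f

def reassemble(lines):
    # Join segments per (host, msg_id) in seg_num order; incomplete messages are dropped
    parts = defaultdict(dict)
    for seg in filter(None, map(parse_segment, lines)):
        parts[(seg["host"], seg["msg_id"])][seg["seg_num"]] = seg
    events = {}
    for key, segs in parts.items():
        if len(segs) != segs[min(segs)]["total_seg"]:
            continue  # a segment was lost or truncated: never emit a partial event
        event = dict(segs[min(segs)])
        event["msg_text"] = "".join(segs[n]["msg_text"] for n in sorted(segs))
        events[key] = event
    return events

# Constructed sample (host, category, text made up): EVID 10005 in two segments, then a lone segment
HDR = "<181>Jan 15 10:22:33 ise-node01 CISE_Admin_Audit "
SAMPLE = [
    HDR + "0000000042 2 0 2024-01-15 10:22:33:101 +00:00 0000000042 10005 NOTICE "
    "Administrator-Login: Administrator authenticated successfully, AdminName=admin, ",
    HDR + "0000000042 2 1 2024-01-15 10:22:33:101 +00:00 0000000043 10005 NOTICE "
    "Administrator-Login: AdminInterface=GUI",
    HDR + "0000000043 2 0 2024-01-15 10:22:34:250 +00:00 0000000044 10006 WARN "
    "Administrator-Login: Administrator authentication failed, AdminName=admin, ",
]
```

`reassemble(SAMPLE)` returns only the complete msg_id 42 event; the lone first segment of msg_id 43 is held back rather than surfaced as a truncated authentication-failure record.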