Skip to main content
Skip table of contents

V 2.0 General SAML Message 1

Vendor Documentation


Rule Name

Rule Type

Common Event


V 2.0 General SAML MessageBase RuleGeneral Authentication Event

Other Audit

V 2.0 User Logon Failure

Sub Rule

User Logon Failure

Authentication Failure
V 2.0 User Logon SuccessSub RuleUser LogonAuthentication Success

Mapping with LogRhythm Schema  

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
Type (type)<vmid>Text/StringSpecifies the type of log; value is SYSTEM.
Content/Threat Type (subtype)<vendorinfo>Text/StringSubtype of the system log; refers to the system daemon generating the log
Event ID (eventid)



Text/StringString showing the name of the event.
Object (object)<object>Text/StringName of the object associated with the system event.
Severity (severity)<severity>Text/StringSeverity associated with the event; values are informational, low, medium, high, critical.

Description (opaque)

<subject>Text/StringDetailed description of the event, up to a maximum of 512 bytes.
<sip>IP Address
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.