5be5af82-c248-4c4c-a485-0571025f242c.md

Products: Linux - Systemd Journal

Rules

| Rule ID | Rule Name |
|---|---|
| MATCH-S00516 | Antivirus Ransomware Detection |
| THRESHOLD-S00096 | Brute Force Attempt |
| FIRST-S00065 | First Seen Successful Authentication From Unexpected Country |
| THRESHOLD-S00097 | Impossible Travel - Successful |
| THRESHOLD-S00098 | Impossible Travel - Unsuccessful |
| MATCH-S00723 | Loadable Kernel Module Modifications |
| THRESHOLD-S00517 | Malware Outbreak |
| THRESHOLD-S00095 | Password Attack from Host |
| THRESHOLD-S00116 | Password Attack from IP |
| OUTLIER-S00001 | Spike in Login Failures from a User |
| CHAIN-S00008 | Successful Brute Force |
| MATCH-S00555 | Threat Intel - Inbound Traffic Context |
| MATCH-S00815 | Threat Intel - Successful Authentication from Threat IP |
| MATCH-S00919 | chage command use on host |

Log Mappers

| Log Mapper ID | Log Mapper Name |
|---|---|
| 0b93385a-31cf-4675-8c53-b0293b74bf0d | Linux OS Systemd Journal - Audit Events |
| 0e5cbfbb-91ac-4658-918c-709c76d53f1e | Linux OS Systemd Journal - Login Events |
| 8db940c1-a911-4665-8c2c-39c5f56d6a5a | Linux OS Systemd Journal - User Command Events |
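The rule ID prefixes above (MATCH, THRESHOLD, CHAIN, FIRST, OUTLIER) name the rule type, but the page does not reproduce the rule definitions themselves. As an added illustration, not the product's own logic, the Python below runs a MATCH-style check (`chage` use via sudo), a THRESHOLD-style check (failed logins per source IP) and a CHAIN-style check (failures followed by a success from the same source) over constructed journal lines in the shape of `journalctl -o short-iso` output. The 5-failures-in-5-minutes threshold, the regexes, the hostnames, users and addresses are all assumptions made for the example.

```python
"""Illustrative detections over constructed systemd-journal sshd/sudo lines.

The thresholds, window and regexes here are assumptions for this example;
they are not the definitions of the rules listed on this page.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, laid out like `journalctl -o short-iso` output (assumption).
SAMPLE_JOURNAL = """\
2024-05-01T10:00:01+0000 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
2024-05-01T10:00:03+0000 host1 sshd[1203]: Failed password for root from 203.0.113.7 port 50124 ssh2
2024-05-01T10:00:05+0000 host1 sshd[1205]: Failed password for root from 203.0.113.7 port 50126 ssh2
2024-05-01T10:00:06+0000 host1 sshd[1207]: Failed password for root from 203.0.113.7 port 50128 ssh2
2024-05-01T10:00:08+0000 host1 sshd[1209]: Failed password for root from 203.0.113.7 port 50130 ssh2
2024-05-01T10:00:11+0000 host1 sshd[1211]: Accepted password for root from 203.0.113.7 port 50132 ssh2
2024-05-01T10:02:00+0000 host1 sshd[1301]: Failed password for alice from 198.51.100.9 port 40010 ssh2
2024-05-01T10:03:00+0000 host1 sshd[1303]: Accepted publickey for alice from 198.51.100.9 port 40012 ssh2
2024-05-01T10:04:00+0000 host1 sudo[1401]:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/chage -E 0 bob
2024-05-01T10:04:30+0000 host1 sudo[1403]:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl status sshd
"""

# Timestamp and host prefix shared by both parsers; the UTC offset is dropped.
TS_RE = r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:[+-]\d{4})?\s+(?P<host>\S+)\s+"
LOGIN_RE = re.compile(
    TS_RE + r"sshd\[\d+\]:\s+(?P<outcome>Accepted|Failed)\s+\S+\s+for\s+"
    r"(?:invalid user\s+)?(?P<user>\S+)\s+from\s+(?P<src>\S+)"
)
SUDO_RE = re.compile(TS_RE + r"sudo\[\d+\]:\s+(?P<user>\S+)\s+:.*COMMAND=(?P<cmd>.+)$")


def parse_events(text):
    """Split journal text into login events and user-command events (lists of dicts)."""
    logins, commands = [], []
    for line in text.splitlines():
        for regex, bucket in ((LOGIN_RE, logins), (SUDO_RE, commands)):
            m = regex.match(line)
            if m:
                e = m.groupdict()
                e["ts"] = datetime.fromisoformat(e["ts"])
                bucket.append(e)
                break
    return logins, commands


def password_attack_from_ip(logins, limit=5, window=timedelta(minutes=5)):
    """THRESHOLD-style rule: at least `limit` failed logins from one source inside `window`.
    Returns {src: peak failure count seen in any window} for sources over the limit."""
    fails = defaultdict(list)
    for e in logins:
        if e["outcome"] == "Failed":
            fails[e["src"]].append(e["ts"])
    hits = {}
    for src, times in fails.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= limit:
                hits[src] = max(hits.get(src, 0), count)
    return hits


def successful_brute_force(logins, limit=5, window=timedelta(minutes=5)):
    """CHAIN-style rule: a successful login from a source that produced at least
    `limit` failures in the preceding `window`. Returns [(src, user, iso timestamp)]."""
    signals = []
    for ok in logins:
        if ok["outcome"] != "Accepted":
            continue
        prior = [f for f in logins
                 if f["outcome"] == "Failed" and f["src"] == ok["src"]
                 and timedelta(0) <= ok["ts"] - f["ts"] <= window]
        if len(prior) >= limit:
            signals.append((ok["src"], ok["user"], ok["ts"].isoformat()))
    return signals


def chage_command_use(commands):
    """MATCH-style rule: any sudo command whose executable basename is exactly `chage`."""
    hits = []
    for e in commands:
        exe = e["cmd"].split()[0].rsplit("/", 1)[-1]
        if exe == "chage":
            hits.append((e["host"], e["user"], e["cmd"]))
    return hits


if __name__ == "__main__":
    logins, commands = parse_events(SAMPLE_JOURNAL)
    print("Password Attack from IP:", password_attack_from_ip(logins))
    print("Successful Brute Force:", successful_brute_force(logins))
    print("chage command use on host:", chage_command_use(commands))
```

Run on the sample, the threshold rule flags 203.0.113.7 with five failures, the chain rule fires on the root login that follows them, and the match rule reports only the `chage` invocation, not the `systemctl` one. Real journald input would normally be read with `journalctl -o short-iso` (or `-o json` with `_COMM` and `MESSAGE` fields) rather than pasted text.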