AgentX Linux labels
Unix Audit Labels

| Event Type | Labels |
|---|---|
| ACCT_LOCK | User,Account,Lock |
| ACCT_UNLOCK | User,Account,Unlock |
| ADD_GROUP | Group,Management,Add |
| ADD_USER | User,Account,Management,Create |
| ANOM_ABEND | Process,End,Abnormal |
| ANOM_ACCESS_FS | File,Access,End,Abnormal |
| ANOM_ADD_ACCT | User,Account,Management,Create,End,Abnormal |
| ANOM_AMTU_FAIL | Machine,Test,Fail,Detect |
| ANOM_CRYPTO_FAIL | System,Fail |
| ANOM_DEL_ACCT | User,Account,Management,Delete,End,Abnormal |
| ANOM_EXEC | File,Execute,End,Abnormal |
| ANOM_LOGIN_ACCT | User,Login,End,Abnormal |
| ANOM_LOGIN_FAILURES | User,Login,Limit,Reach |
| ANOM_LOGIN_LOCATION | User,Login,Attempt,Forbidden,Location |
| ANOM_LOGIN_SESSIONS | User,Login,Session,Limit,Reach |
| ANOM_LOGIN_TIME | User,Login,Fail |
| ANOM_MAX_DAC | Access,Control,Fail,Limit,Reach |
| ANOM_MAX_MAC | Access,Control,Fail,Limit,Reach |
| ANOM_MK_EXEC | Create,Executable,File |
| ANOM_MOD_ACCT | User,Account,Management,Change,End,Abnormal |
| ANOM_PROMISCUOUS | Mode,Change |
| ANOM_RBAC_FAIL | Role,Base,Access,Control,Selftest,Fail |
| ANOM_RBAC_INTEGRITY_FAIL | Role,Base,Access,Control,File,Integrity,Test,Fail |
| ANOM_ROOT_TRANS | User,Privilege,Escalation |
| BPRM_FCAPS | Program,Execute,Filesystem |
| CHGRP_ID | Group,ID,Change |
| CHUSER_ID | User,ID,Change |
| CONFIG_CHANGE | Audit,System,Configuration,Change |
| CRED_ACQ | User,Account,Management,Credential,Assign |
| CRED_DISP | User,Account,Management,Credential,Dispose |
| CRED_REFR | User,Account,Management,Credential,Refresh |
| CRYPTO_FAILURE_USER | Operation,Fail |
| CRYPTO_LOGIN | User,Login,Attempt |
| CRYPTO_LOGOUT | User,Logoff,Attempt |
| CRYPTO_REPLAY_USER | Replay,Attack,Detect |
| DAEMON_ABORT | Daemon,Stop,Error |
| DAEMON_ACCEPT | Audit,Daemon,Remote,Connection,Accept |
| DAEMON_CLOSE | Audit,Daemon,Remote,Connection,Close |
| DAEMON_CONFIG | Daemon,Configuration,Change,Detect |
| DAEMON_END | Daemon,Stop |
| DAEMON_RESUME | Audit,Daemon,Resume,Logging |
| DAEMON_START | Audit,Daemon,Start |
| DEL_GROUP | Group,Account,Management,Delete |
| DEL_USER | User,Account,Management,Delete |
| DEV_ALLOC | Device,Allocation |
| DEV_DEALLOC | Device,Deallocation |
| EOE | Event,End |
| GRP_AUTH | Group,Authentication |
| INTEGRITY_RULE | Record,Policy,Rule |
| INTEGRITY_STATUS | Integrity,Verification,Status |
| LOGIN | User,Login |
| MAC_MAP_ADD | Domain,Map,Add |
| MAC_MAP_DEL | Domain,Map,Delete |
| MAC_POLICY_LOAD | Policy,File,Load |
| MAC_STATUS | Mode,Change |
| PATH | File,Path,Info |
| RESP_ACCT_LOCK | User,Account,Lock |
| RESP_ACCT_LOCK_TIMED | User,Account,Lock |
| RESP_ACCT_REMOTE | User,Account,Lock,Remote,Session |
| RESP_ACCT_UNLOCK_TIMED | User,Account,Unlock |
| RESP_ALERT | Alert,Email,Send |
| RESP_EXEC | IDS,Response,Threat,Program,Execute |
| RESP_HALT | System,Shutdown |
| RESP_KILL_PROC | Process,End |
| RESP_SINGLE | System,Mode,Change |
| RESP_TERM_ACCESS | Session,End |
| RESP_TERM_LOCK | Terminal,Lock |
| ROLE_ASSIGN | User,Role,Assign |
| ROLE_MODIFY | User,Role,Change |
| ROLE_REMOVE | User,Role,Remove |
| SELINUX_ERR | Internal,Error,Detect |
| SERVICE_START | Service,Start |
| SERVICE_STOP | Service,Stop |
| SYSTEM_BOOT | System,Boot |
| SYSTEM_RUNLEVEL | System,Run,Level,Change |
| SYSTEM_SHUTDOWN | System,Shutdown |
| USER_ACCT | User,Authorization,Attempt,Detect |
| USER_AVC | Message,Generate |
| USER_AUTH | User,Authentication |
| USER_CHAUTHTOK | User,Account,Management,Password,Change |
| USER_CMD | Command,Execute |
| USER_START | Session,Start |
| USER_END | Session,End |
| USER_ERR | User,State,Error,Detect |
| USER_LOGIN | User,Login |
| USER_LOGOUT | User,Logoff |
| USER_MAC_POLICY_LOAD | Policy,Load |
| USER_MGMT | User,Account,Management,Attribute,Change |
| USER_ROLE_CHANGE | User,Account,Management,Role,Change |
| USER_SELINUX_ERR | User,Error,Detect |
| USER_UNLABELED_EXPORT | Object,Export |
| USYS_CONFIG | User,System,Configuration,Change,Detect |
| VIRT_CONTROL | Virtual,Machine,Control |
| VIRT_RESOURCE | Virtual,Machine,Resource,Assign |

| Status | Labels |
|---|---|
| success | Successful |
| failed | Fail |
Unix Sysmon Labels

| Event ID | Labels |
|---|---|
| 1 | Process,Create |
| 3 | Network,Connection,Detect |
| 4 | Service,State,Change |
| 5 | Process,End |
| 11 | File,Create,Overwrite |
| 16 | Sysmon,Configuration,Change |
| 23 | File,Delete |
File Integrity Monitoring Labels

| Action | Labels |
|---|---|
| added | Add |
| deleted | Delete |
| modified | Modify |

| Registry | Labels |
|---|---|
| true | Registry |
| false | File |
Unix Generic Labels

| Event Source | Labels |
|---|---|
| auth | Authentication |
| pam | PAM |
| pam_authenticate | Authentication |
| pam_krb5 | Authentication |
| pam_sm_authenticate | Authentication |
| Object | Labels |
|---|---|
| access | Access |
| account | Account |
| address | Address |
| authentication | Authentication |
| authentication token | Authentication,Token |
| backup | Backup |
| bad protocol version | Bad,Protocol,Version |
| check | Check |
| client | Client |
| command | Command |
| condition | Condition |
| configuration | Configuration |
| connect | Connect |
| connection | Connection |
| credential cache file | Credential,Cache,File |
| disconnect | Disconnect |
| entry | Entry |
| expiration | Expire |
| file | File |
| firewall rules | Firewall,Rule |
| flow control | Flow,Control |
| home directory | Directory |
| identification string | Identification |
| index files | Index,File |
| information | Information |
| internal module | Internal,Module |
| link | Link |
| login | Login |
| login keyring | Login,Keyring |
| module | Module |
| modules | Module |
| new password | Password |
| new user login | New,User,Login |
| notification | Notification |
| packet | Packet |
| packet(s) | Packet |
| pam creds | PAM,Credentials |
| pam_close_session | PAM,Session,Close |
| pam_sm_acct_mgmt | PAM,Account,Management |
| password | Password |
| password expiry | Password,Expiry |
| php session files | Session,File |
| policy | Policy |
| process | Process |
| protocol major versions | Protocol,Version |
| remote web server | Remote,Web,Server |
| requirement | Requirement |
| samba password database | Password,Database |
| security | Security |
| server | Server |
| service | Service |
| service instance | Service |
| session | Session |
| session setup | Session |
| shadow information | Shadow,Information |
| signal | Signal |
| socket | Socket |
| subsystem | Subsystem |
| threshold | Threshold |
| user | User |
| user’s login | User,Login |
| user’s login information | User,Login,Information |
| userauth | User,Authentication |
| temporary directories | Temporary,Directory |
| Process | Labels |
|---|---|
| auth | Authentication |
| groupadd | Group,Management |
| groupdel | Group,Management |
| su | Su |
| useradd | Management |
| userdel | Management |
| usermod | Management |
| Status | Labels |
|---|---|
| down | Down |
| error | Error |
| fail | Fail |
| failed | Fail |
| failure | Fail |
| failures | Fail |
| finished | Finish |
| illegal | Illegal |
| incomplete | Incomplete |
| incorrect | Incorrect |
| invalid | Invalid |
| locked | Lock |
| no longer valid | Invalid |
| not acceptable | Accept,Deny |
| not allowed | Deny |
| not available | Unavailable |
| not starting | Start,Fail |
| not valid | Invalid |
| no available | Unavailable |
| ok | Successful |
| pass | Pass |
| postponed | Postpone |
| reject | Reject |
| rejected | Reject |
| stop | Stop |
| stopped | Stop |
| succeeded | Successful |
| success | Successful |
| successful | Successful |
| successfully | Successful |
| terminating | End |
| terminated | End |
| timeout | Timeout |
| unknown | Unknown |
| up | Up |
| valid | Valid |
| violation | Violation |
| Sig_Index | Labels |
|---|---|
| 3 | Account,Management |
| 11 | Service |
| 12 | Service |
| 19 | Group,Management |
| 20 | User,Password |
| 21 | Login,Attempt |
| 25 | Request |
| 27 | Group,Create |
| 29 | IP |
| 31 | User,Account,Management |
| 32 | User,Account,Management |
| 33 | Group,Management |
| 35 | Account,Management |
| 36 | Account |
| 38 | Information |
| 41 | Off |
| 62 | Service |
| 86 | Session |
| 88 | Management |
| 91 | Limit |
| 108 | URL,Connection |
| 110 | Successful |
| 111 | Successful |
| 118 | User,Authentication |
| 124 | Account,Absent |
| 125 | Authentication,Fail |
| 132 | Reverse,Map |
| 136 | Key,Match,Find |
| 139 | Request |
| 141 | Connection |
| 147 | Connection,Unavailable |
| 169 | Read,Connection,Reset |
| 171 | Authentication,Attempt,Fail |
| 173 | Account |
| 178 | Resolve |
| 185 | Keystroke,Logging,State |
| 187 | User,Absent |
| 193 | Service |
| 194 | Scope |
| 198 | Service |
Active Response Labels

| Message | Labels |
|---|---|
| starting | Start |
| failed | Fail |
| ending | End |
| successfully unisolated | Host,UnIsolate |
| successfully isolated | Host,Isolate |

| Status | Labels |
|---|---|
| success | Successful |
| fail | Fail |

| Command | Labels |
|---|---|
| delete | Delete |
| add | Add |