forked from splunk/security_content
linux_secure.yml
name: Linux Secure
id: 9a47d88b-1b17-49ce-a0ef-b440ddbd98bb
version: 1
date: '2024-07-18'
author: Patrick Bareiss, Splunk
description: Data source object for Linux Secure
source: /var/log/secure
sourcetype: linux_secure
supported_TA: []
fields:
- _time
- action
- app
- date_hour
- date_mday
- date_minute
- date_month
- date_second
- date_wday
- date_year
- date_zone
- dest
- dvc
- eventtype
- host
- index
- linecount
- pid
- process
- punct
- source
- sourcetype
- splunk_server
- src
- src_port
- sshd_protocol
- tag
- tag::action
- tag::eventtype
- timeendpos
- timestartpos
- user
- user_name
- vendor_action
- vendor_product
example_log: 'May 27 09:28:36 ip-172-31-24-46 sshd[5617]: Accepted password for mikael
from 84.202.159.161 port 63487 ssh2'
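The data source above only names the fields Splunk extracts from /var/log/secure; it does not show how an sshd line becomes those fields. The parser below is an added example, not code from splunk/security_content, that maps the syslog envelope and the sshd "Accepted"/"Failed" message into the field names listed in the YAML (host, process, pid, action, user, src, src_port, sshd_protocol, vendor_action) and then counts failures per source, which is the raw material for a brute-force detection on this source. Assumptions not stated on the page: dest is set to the logging host, app to the process name, and action takes the Splunk CIM values "success"/"failure". The first sample line is the page's example_log; the remaining lines, hostnames, users and addresses are constructed for the example.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional

# Constructed sample input. Line 1 is the example_log from the data source
# definition; the rest are made up to exercise failures, invalid users,
# public-key logins and a non-authentication pam line.
SAMPLE_LINES = [
    "May 27 09:28:36 ip-172-31-24-46 sshd[5617]: Accepted password for mikael from 84.202.159.161 port 63487 ssh2",
    "May 27 09:30:01 ip-172-31-24-46 sshd[5650]: Failed password for root from 198.51.100.7 port 41022 ssh2",
    "May 27 09:30:04 ip-172-31-24-46 sshd[5650]: Failed password for root from 198.51.100.7 port 41022 ssh2",
    "May 27 09:30:09 ip-172-31-24-46 sshd[5652]: Failed password for invalid user admin from 198.51.100.7 port 41030 ssh2",
    "May 27 09:31:12 ip-172-31-24-46 sshd[5660]: Accepted publickey for deploy from 10.0.0.5 port 50122 ssh2: RSA SHA256:abc",
    "May 27 09:31:13 ip-172-31-24-46 sshd[5660]: pam_unix(sshd:session): session opened for user deploy by (uid=0)",
]

# Syslog envelope shared by every /var/log/secure line: timestamp (no year),
# host, process name with pid, then the free-text message.
SYSLOG_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<process>[\w./-]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)

# sshd authentication outcome, e.g.
#   Accepted password for mikael from 84.202.159.161 port 63487 ssh2
#   Failed password for invalid user admin from 198.51.100.7 port 41030 ssh2
AUTH_RE = re.compile(
    r"^(?P<vendor_action>Accepted|Failed)\s+(?P<method>\S+)\s+for\s+"
    r"(?:(?P<invalid>invalid user)\s+)?(?P<user>\S+)\s+from\s+(?P<src>\S+)\s+"
    r"port\s+(?P<src_port>\d+)\s+(?P<sshd_protocol>ssh\d)"
)


def parse_secure_line(line: str) -> Optional[Dict[str, object]]:
    """Return the extracted fields for one /var/log/secure line, or None if
    the line is not syslog-shaped. Authentication fields (action, user, src,
    src_port, sshd_protocol, vendor_action) appear only on Accepted/Failed
    lines; other sshd/pam lines keep just the envelope fields."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    event: Dict[str, object] = {
        "timestamp": m["timestamp"],  # classic syslog carries no year; _time needs one supplied
        "host": m["host"],
        "dest": m["host"],            # assumption: the logging host is the login target
        "process": m["process"],
        "app": m["process"],          # assumption: app mirrors the process name
        "pid": int(m["pid"]),
        "sourcetype": "linux_secure",
    }
    a = AUTH_RE.match(m["msg"])
    if a is not None:
        event.update({
            "vendor_action": a["vendor_action"],
            # CIM Authentication convention: Accepted -> success, Failed -> failure
            "action": "success" if a["vendor_action"] == "Accepted" else "failure",
            "auth_method": a["method"],
            "user": a["user"],
            "user_invalid": a["invalid"] is not None,  # "invalid user" means no such account
            "src": a["src"],
            "src_port": int(a["src_port"]),
            "sshd_protocol": a["sshd_protocol"],
        })
    return event


def parse_secure_log(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Parse many lines, silently dropping anything that is not syslog-shaped."""
    return [e for e in (parse_secure_line(l) for l in lines) if e is not None]


def failed_logins_by_src(events: Iterable[Dict[str, object]], threshold: int = 3) -> Dict[str, int]:
    """Count sshd authentication failures per source address and keep the
    sources at or above threshold: the core of a password-guessing detection."""
    counts = Counter(str(e["src"]) for e in events if e.get("action") == "failure")
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    parsed = parse_secure_log(SAMPLE_LINES)
    for ev in parsed:
        print(ev.get("action", "-"), ev.get("user", "-"), ev.get("src", "-"), ev.get("src_port", "-"))
    print("failures per src over threshold:", failed_logins_by_src(parsed))
```

The optional "invalid user" group matters for detection: a failed login for an account that does not exist is a stronger brute-force signal than a wrong password for a real user, and collapsing both into user alone would hide that. A production sourcetype also needs the log year (syslog omits it) before _time and the date_* fields can be derived.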