Products: Citrix - ADC
| Rule ID | Rule Name |
|---|---|
| THRESHOLD-S00096 | Brute Force Attempt |
| FIRST-S00028 | First Seen Common Windows Recon Commands From User |
| FIRST-S00029 | First Seen Successful Authentication From Unexpected Country |
| THRESHOLD-S00097 | Impossible Travel - Successful |
| THRESHOLD-S00098 | Impossible Travel - Unsuccessful |
| THRESHOLD-S00095 | Password Attack |
| OUTLIER-S00001 | Spike in Login Failures from a User |
| CHAIN-S00008 | Successful Brute Force |
| MATCH-S00555 | Threat Intel - Inbound Traffic Context |
| MATCH-S00815 | Threat Intel - Successful Authentication from Threat IP |
| Log Mapper ID | Log Mapper Name |
|---|---|
| f38d18e2-ea57-449b-b564-aa82f9df0a91 | Citrix NetScaler - AAA-LOGIN_FAILED |
| d41065cb-0786-40c4-8656-3934f27ba14c | Citrix NetScaler - Command Executed |
| 0460cef5-59e3-4e52-be8c-59952694460e | Citrix NetScaler - MESSAGE |
| 4e3841fb-ebbe-43f1-91f4-287467f28338 | Citrix NetScaler - SSL Handshake Success |
| 16f5dcb3-9685-491a-b0e7-08fd78c9fd8c | Citrix NetScaler - SSLVPN-HTTPREQUEST |
| 1a63e8c0-2553-4433-bfd6-624bd62c08a9 | Citrix NetScaler - SSLVPN-ICA Events |
| d102bd01-4e1b-4654-ba39-9dc44db84476 | Citrix NetScaler - SSLVPN-LOGIN |
| f1f18593-3ac5-497e-abae-14e3252b1c46 | Citrix NetScaler - SSLVPN-LOGOUT |
| dae628cd-6bed-42af-ba88-cddee5f577dc | Citrix NetScaler - SSLVPN-TCPCONNSTAT |
| a82454bc-1ed8-471d-9e8c-973d7cbbb5c9 | Citrix NetScaler - TCP-CONN_TERMINATE |