Event Types
| Event | Severity | Source | Deskripsi |
|-------|----------|--------|-----------|
| ssh_login | HIGH | auth.log | Login SSH berhasil |
| su_login | HIGH | auth.log | Privilege escalation via su |
| ssh_failed | MEDIUM | auth.log | Gagal login SSH |
| firewall_block | MEDIUM | syslog | iptables DROP/REJECT |
| file_modified | LOW–HIGH | inotify | File berubah di path monitored |
| file_deleted | LOW–HIGH | inotify | File dihapus |
| malicious_process | HIGH | procfs | Process signature match (18 patterns) |
| cron_execution | LOW | syslog | Eksekusi cron job |
| session_open | LOW | syslog | pam_unix session opened |