|Alert Message||Auditd event|
Auditd: Role-Based Access Control (RBAC) failure detected.
 What you should do
This means the auditd RBAC system has logged a failure by a user or process based on its policy. It could be an IOC
 False Positives
There are no false positives with this rule.
 Tuning Guidance
There is no guidance for tuning this rule, this is a generic error and the rule should not be disabled.
 Additional Information
If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!
 Similar Rules
 Knowledge Base Articles
 Outside References