Difference between revisions of "HIDS 2960"

From Atomicorp Wiki
 
(2 intermediate revisions by one user not shown)
Line 1: Line 1:
 
{{Infobox
 
{{Infobox
|header1 = Rule 1
+
|header1 = Rule 2960
 
|label2 = Status
 
|label2 = Status
 
|data2 = Active
 
|data2 = Active
 
|label3 = Alert Message
 
|label3 = Alert Message
|data3 =  audit failure event
+
|data3 =  User added to group
 
}}   
 
}}   
  
Line 13: Line 13:
 
== What you should do ==
 
== What you should do ==
  
This means a user has been added to a group on the target linux system. Investigate if this an authorized change.
+
This means a user has been added to a group on the target linux system. Investigate if this an unauthorized change.
 
+
  
 
= Troubleshooting =
 
= Troubleshooting =
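
Review bot: The revised sentence under "What you should do" is still missing its verb: "Investigate if this an unauthorized change." Suggest "Investigate whether this is an unauthorized change", and capitalize "Linux" in the preceding sentence while the line is being touched.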

Latest revision as of 16:13, 26 October 2020

Rule 2960
Status Active
Alert Message User added to group

Description

User added to group

What you should do

This means a user has been added to a group on the target Linux system. Investigate whether this is an unauthorized change.

Troubleshooting

False Positives

There are no false positives with this rule.

Tuning Guidance

There is no guidance for tuning this rule. This is a generic error and the rule should not be disabled.

Additional Information

Support

If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Notes
