Difference between revisions of "HIDS 59207"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "{{Infobox |header1 = Rule 1 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Windows audit event }} = Description = This indicates that the specified use...")
 

Latest revision as of 08:32, 22 October 2020

Rule 1
Status Active
Alert Message Windows audit event

Contents

[edit] Description

This indicates that the specified user exercised the user right specified in the Privileges field. This event is largely focused on helping you identify what the user executed the rights for.

[edit] What you should do

This is an auditing rule, and can be disabled if chain of events do not need to be maintained.


[edit] Troubleshooting

[edit] False Positives

There are no false positives with this rule.

[edit] Tuning Guidance

There is no guidance for tuning this rule.

[edit] Additional Information

[edit] Support

If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!

[edit] Similar Rules

None.

[edit] Knowledge Base Articles

None.

[edit] Outside References

[1]

[edit] Notes

Personal tools