Difference between revisions of "HIDS 59207"
From Atomicorp Wiki
(Created page with "{{Infobox |header1 = Rule 1 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Windows audit event }} = Description = This indicates that the specified use...") |
Latest revision as of 08:32, 22 October 2020
Rule 1 | |
---|---|
Status | Active |
Alert Message | Windows audit event |
Contents |
[edit] Description
This indicates that the specified user exercised the user right specified in the Privileges field. This event is largely focused on helping you identify what the user executed the rights for.
[edit] What you should do
This is an auditing rule, and can be disabled if chain of events do not need to be maintained.
[edit] Troubleshooting
[edit] False Positives
There are no false positives with this rule.
[edit] Tuning Guidance
There is no guidance for tuning this rule.
[edit] Additional Information
[edit] Support
If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!
[edit] Similar Rules
None.
[edit] Knowledge Base Articles
None.