Latest revision as of 08:18, 23 October 2020 (edit) Scott (Talk | contribs) (Created page with "{{Infobox |header1 = Rule 1 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Auditd event }} = Description = Auditd: Role-Based Access Control (RBAC) fai...")

---

Latest revision as of 08:18, 23 October 2020

Rule 1
Status	Active
Alert Message	Auditd event

Contents 1 Description 1.1 What you should do 2 Troubleshooting 2.1 False Positives 2.2 Tuning Guidance 3 Additional Information 3.1 Support 3.2 Similar Rules 3.3 Knowledge Base Articles 3.4 Outside References 3.5 Notes

[edit] Description

Auditd: Role-Based Access Control (RBAC) failure detected.

[edit] What you should do

This means the auditd RBAC system has logged a failure by a user or process based on its policy. It could be an IOC

[edit] Troubleshooting

[edit] False Positives

There are no false positives with this rule.

[edit] Tuning Guidance

There is no guidance for tuning this rule, this is a generic error and the rule should not be disabled.

[edit] Additional Information

[edit] Support

If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!

[edit] Similar Rules

None.

[edit] Knowledge Base Articles

None.

[edit] Outside References

None.

[edit] Notes