HIDS 553

From Atomicorp Wiki
Revision as of 19:36, 22 July 2011 by Mshinn (Talk | contribs)

Jump to: navigation, search

Rule ID

553

Status

Active rule currently published.

Description

This rule is detects when a monitored file has been deleted, and the system can not longer monitor it. This may be non-malicious, or may indicate that unauthorized changes have occurred on your system.

False Positives

There is no known false positive for this rule. This rule detects when a file has been deleted, and therefore the system can no longer monitor it.

If you believe that this is a false positive, please report this to our security team can determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page.


Tuning Recommendations

None.

Similar Rules

HIDS 550

Knowledge Base Articles

None.

Outside References

Personal tools