HIDS 60702

From Atomicorp Wiki
Revision as of 11:54, 21 October 2020 by Scott (Talk | contribs)

Rule 1
Status Active
Alert Message Windows audit failure event

Description

This indicates that the VSS service has gone idle. It indicates that a preceding process (backup, restore, etc.) has completed.

The Volume Shadow Copy Service (VSS) provides the ability to create a point-in-time image (shadow copy) of one or more volumes, which can be used to perform backups. The service is also used when restoring applications.


What you should do

This is an auditing event, indicating that an action has completed. Some auditing frameworks may require this data to be collected. Otherwise, this rule requires no action and could be set to not log.


Troubleshooting

False Positives

There are no false positives with this rule.

Tuning Guidance

If it is not required, this rule can be set to not log or otherwise be disabled safely.


Additional Information

Support

If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Notes