HIDS 81530
Rule 1 | |
---|---|
Status | Active |
Alert Message | Windows audit failure event |
Contents |
Description
Windows has failed to properly audit an event.
What you should do
This means something is wrong with the auditing system on the effected Windows system. This could be caused by a lack of disk space, a misconfiguration of the auditing services or a system level problem on the host that is prevening the auditing system from working correctly. The effected system should be checked to ensure it has adequate drive space, is configured correctly and is otherwise operating correctly. The system should also be checked to ensure it has the latest updates from Microsoft installed.
For some regulatory frameworks, a failure of the auditing system to work correctly may require the system to be shut down or taken out of service until the auditing system is working correctly.
Troubleshooting
False Positives
There are no false positives with this rule.
Tuning Guidance
There is no guidance for tuning this rule, this is a generic Windows error and the rule should not be disabled.
Additional Information
Support
If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!
Rule 1 | |
---|---|
Status | Active |
Alert Message | OpenSCAP event |
Description
OpenSCAP compliance score for this profile scored less than 30%
What you should do
This means the systems overall compliance to the configured profile scored less than 30%. Investigate the host for the specific failing controls to determine if they can be changed to meet the control requirements.
Troubleshooting
False Positives
There are no false positives with this rule.
Tuning Guidance
There is no guidance for tuning this rule.
Additional Information
Support
If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.
Notes
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.