HIDS 59207
From Atomicorp Wiki
Rule 1 | |
---|---|
Status | Active |
Alert Message | Windows audit event |
Contents |
Description
This indicates that the specified user exercised the user right specified in the Privileges field. This event is largely focused on helping you identify what the user executed the rights for.
What you should do
This is an auditing rule, and can be disabled if chain of events do not need to be maintained.
Troubleshooting
False Positives
There are no false positives with this rule.
Tuning Guidance
There is no guidance for tuning this rule.
Additional Information
Support
If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!
Similar Rules
None.
Knowledge Base Articles
None.