Difference between revisions of "HIDS 2960"

From Atomicorp Wiki
(Created page with "|header1 = Rule 1 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = audit failure event }} = Description = User added to group == What you should do == ...")
 
m
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
|header1 = Rule 1
+
{{Infobox
 +
|header1 = Rule 2960
 
|label2 = Status
 
|label2 = Status
 
|data2 = Active
 
|data2 = Active
 
|label3 = Alert Message
 
|label3 = Alert Message
|data3 =  audit failure event
+
|data3 =  User added to group
 
}}   
 
}}   
  
Line 12: Line 13:
 
== What you should do ==
 
== What you should do ==
  
This means a user has been added to a group on the target linux system. Investigate if this an authorized change.
+
This means a user has been added to a group on the target linux system. Investigate if this an unauthorized change.
 
+
  
 
= Troubleshooting =
 
= Troubleshooting =
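Review bot: In the "What you should do" hunk, the replacement sentence "Investigate if this an unauthorized change." corrects "authorized" to "unauthorized" but is still missing its verb. Suggest "Investigate whether this is an unauthorized change." and capitalising "Linux" in the same line while it is being touched. The empty line added directly after that sentence looks unintentional and can be dropped.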

Latest revision as of 17:13, 26 October 2020

Rule 2960
Status: Active
Alert Message: User added to group

Description

User added to group

What you should do

This means a user has been added to a group on the target Linux system. Investigate whether this is an unauthorized change.
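One way to carry out that investigation, as an added example that is not part of the Atomicorp wiki or the rule itself: compare a saved baseline copy of `/etc/group` with the current file and list every new membership, privileged groups first. The sensitive-group list, the approved set and the sample snapshots are assumptions constructed for illustration.

```python
# Added example: diff two /etc/group snapshots to see who was added to which group.
# Note: /etc/group lists supplementary members only; a user's primary group
# lives in /etc/passwd and is not covered here.

# Assumption: groups treated as privileged on this host; adjust to local policy.
SENSITIVE_GROUPS = {"root", "wheel", "sudo", "adm", "docker", "shadow", "disk"}

def parse_group(text):
    """Parse /etc/group content (name:passwd:gid:members) into {group: set(members)}."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            continue  # skip malformed entries instead of guessing at them
        name, _passwd, _gid, members = fields
        groups[name] = {m for m in members.split(",") if m}
    return groups

def added_memberships(baseline_text, current_text, authorized=frozenset()):
    """Return findings for each (user, group) present now but absent from the baseline."""
    before, after = parse_group(baseline_text), parse_group(current_text)
    findings = []
    for group, members in after.items():
        for user in members - before.get(group, set()):
            findings.append({
                "user": user,
                "group": group,
                "sensitive": group in SENSITIVE_GROUPS,
                "authorized": (user, group) in authorized,
            })
    # Privileged groups first, then stable alphabetical order.
    return sorted(findings, key=lambda f: (not f["sensitive"], f["group"], f["user"]))

# Constructed sample snapshots (not taken from any real system).
BASELINE = "root:x:0:\nsudo:x:27:alice\ndocker:x:998:\ndevs:x:1001:alice,bob\n"
CURRENT = "root:x:0:\nsudo:x:27:alice,mallory\ndocker:x:998:bob\ndevs:x:1001:alice,bob,carol\n"
APPROVED = {("carol", "devs")}  # hypothetical: pairs backed by a change ticket

if __name__ == "__main__":
    for f in added_memberships(BASELINE, CURRENT, APPROVED):
        verdict = "OK" if f["authorized"] else "REVIEW"
        print(f'{verdict:6} {f["user"]} -> {f["group"]} (sensitive={f["sensitive"]})')
```

Any membership reported as `REVIEW` has no matching approval and should be traced back to the account and session that made the change.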

Troubleshooting

False Positives

There are no false positives with this rule.

Tuning Guidance

There is no guidance for tuning this rule. This is a generic error, and the rule should not be disabled.

Additional Information

Support

If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Notes