HIDS 2960 - Revision history
https://wiki.atomicorp.com/wiki/index.php?title=HIDS_2960&feed=atom&action=history
2024-03-29T14:38:41Z
Revision history for this page on the wiki
MediaWiki 1.20.2

Mshinn at 21:13, 26 October 2020 (2020-10-26T21:13:00Z)
https://wiki.atomicorp.com/wiki/index.php?title=HIDS_2960&diff=6286&oldid=prev
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 21:13, 26 October 2020</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>{{Infobox</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>{{Infobox</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>|header1 = Rule <del class="diffchange diffchange-inline">1</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>|header1 = Rule <ins class="diffchange diffchange-inline">2960</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|label2 = Status</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|label2 = Status</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|data2 = Active</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|data2 = Active</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|label3 = Alert Message</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|label3 = Alert Message</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>|data3 =  <del class="diffchange diffchange-inline">audit failure event</del></div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>|data3 =  <ins class="diffchange diffchange-inline">User added to group</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>}}   </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>}}   </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
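Review bot: the Tuning Guidance section of this page still carries the same template boilerplate ("this is a generic error and the rule should not be disabled") that this hunk removes from the infobox (Rule 1, "audit failure event"); a group-membership change is not a generic error, so that sentence should be rewritten in the same pass so the infobox, Description and tuning text all describe the same alert.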
</table>

Mshinn: /* What you should do */ (2020-10-26T21:11:50Z)
https://wiki.atomicorp.com/wiki/index.php?title=HIDS_2960&diff=6285&oldid=prev
<p><span dir="auto"><span class="autocomment">What you should do</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 21:11, 26 October 2020</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 13:</td>
<td colspan="2" class="diff-lineno">Line 13:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== What you should do ==</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>== What you should do ==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>This means a user has been added to a group on the target linux system. Investigate if this an <del class="diffchange diffchange-inline">authorized </del>change.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>This means a user has been added to a group on the target linux system. Investigate if this an <ins class="diffchange diffchange-inline">unauthorized </ins>change.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>= Troubleshooting =</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>= Troubleshooting =</div></td></tr>
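Review bot: the sentence still lacks its verb after this edit ("Investigate if this an unauthorized change"); suggest "Investigate whether this is an authorized change." The flip from authorized to unauthorized does not change the instruction, but the instruction itself concedes that authorized group additions also fire this rule, which contradicts the False Positives section on the same page ("There are no false positives with this rule"); that section should instead say that routine provisioning adds are expected alerts and that the responder confirms them against the change record rather than silencing the rule.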
</table>

Mshinn: /* What you should do */ (2020-10-26T21:11:31Z)
https://wiki.atomicorp.com/wiki/index.php?title=HIDS_2960&diff=6284&oldid=prev
<p><span dir="auto"><span class="autocomment">What you should do</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 21:11, 26 October 2020</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 14:</td>
<td colspan="2" class="diff-lineno">Line 14:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This means a user has been added to a group on the target linux system. Investigate if this an authorized change.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This means a user has been added to a group on the target linux system. Investigate if this an authorized change.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>= Troubleshooting =</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>= Troubleshooting =</div></td></tr>
</table>

Scott at 17:54, 23 October 2020 (2020-10-23T17:54:46Z)
https://wiki.atomicorp.com/wiki/index.php?title=HIDS_2960&diff=6283&oldid=prev
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 17:54, 23 October 2020</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">{{Infobox</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|header1 = Rule 1</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|header1 = Rule 1</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|label2 = Status</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>|label2 = Status</div></td></tr>
</table>

Scott: Created page with "|header1 = Rule 1 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = audit failure event }} = Description = User added to group == What you should do == ..." (2020-10-23T17:54:18Z)
https://wiki.atomicorp.com/wiki/index.php?title=HIDS_2960&diff=6282&oldid=prev
<p><b>New page</b></p><div>|header1 = Rule 1<br />
|label2 = Status<br />
|data2 = Active<br />
|label3 = Alert Message<br />
|data3 = audit failure event<br />
}} <br />
<br />
= Description =<br />
<br />
User added to group<br />
<br />
== What you should do ==<br />
<br />
This means a user has been added to a group on the target linux system. Investigate if this an authorized change.<br />
<br />
<br />
= Troubleshooting =<br />
<br />
== False Positives ==<br />
<br />
There are no false positives with this rule.<br />
<br />
== Tuning Guidance ==<br />
<br />
There is no guidance for tuning this rule, this is a generic error and the rule should not be disabled.<br />
<br />
= Additional Information =<br />
<br />
== Support ==<br />
<br />
If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!<br />
<br />
== Similar Rules ==<br />
<br />
None.<br />
<br />
== Knowledge Base Articles== <br />
<br />
None.<br />
<br />
== Outside References == <br />
<br />
None.<br />
<br />
== Notes ==</div>
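The "What you should do" guidance tells the responder to investigate whether the group addition was authorized but does not say how. The script below is an added example, not part of the Atomicorp page or of the HIDS rule set, of the triage a responder can run: it parses the syslog lines that the shadow-utils tools usermod and gpasswd write when a user is added to a group, ranks each addition by how privileged the target group is, and confirms against a copy of /etc/group that the membership is actually present at investigation time. The log formats, the PRIVILEGED_GROUPS list, the sample log lines and the /etc/group snapshot are all assumptions constructed for this example; the page does not show what rule 2960 itself matches on.

```python
import re
from dataclasses import dataclass

# Groups whose membership gives root-equivalent or near-root access on a
# typical Linux host. Assumed list for this example; adjust per host.
PRIVILEGED_GROUPS = frozenset(
    {"root", "wheel", "sudo", "admin", "adm", "docker", "lxd", "disk", "shadow"}
)

# Log formats assumed here (the page does not show what rule 2960 matches):
#   usermod: "add 'bob' to group 'wheel'" followed by a second
#            "add 'bob' to shadow group 'wheel'" line for /etc/gshadow
#   gpasswd: "user alice added by root to group docker"
_TS = r"(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) "
_USERMOD_RE = re.compile(
    _TS + r"usermod\[\d+\]: add '(?P<user>[^']+)' to (?:shadow )?group '(?P<group>[^']+)'$"
)
_GPASSWD_RE = re.compile(
    _TS + r"gpasswd\[\d+\]: user (?P<user>\S+) added by (?P<actor>\S+) to group (?P<group>\S+)$"
)

# Constructed sample input: four group-change lines plus one unrelated line.
SAMPLE_LOG = """\
Oct 26 21:10:01 web01 usermod[4821]: add 'bob' to group 'wheel'
Oct 26 21:10:01 web01 usermod[4821]: add 'bob' to shadow group 'wheel'
Oct 26 21:12:44 web01 gpasswd[4902]: user alice added by root to group docker
Oct 26 21:15:09 web01 usermod[5010]: add 'carol' to group 'developers'
Oct 26 21:16:00 web01 sshd[5100]: Accepted publickey for carol from 10.0.0.5
"""

# Constructed /etc/group snapshot taken at investigation time: bob's wheel
# membership is still present, alice's docker membership is not.
SAMPLE_GROUP_FILE = """\
root:x:0:
wheel:x:10:bob
docker:x:999:
developers:x:1001:carol,dave
"""


@dataclass(frozen=True)
class GroupAddition:
    ts: str
    host: str
    tool: str
    user: str
    group: str
    actor: str  # "?" when the tool does not log who invoked it


def parse_group_additions(log_text):
    """Extract user-added-to-group events; the duplicate shadow-group line is dropped."""
    events, seen = [], set()
    for line in log_text.splitlines():
        if m := _USERMOD_RE.match(line):
            ev = GroupAddition(m["ts"], m["host"], "usermod", m["user"], m["group"], "?")
        elif m := _GPASSWD_RE.match(line):
            ev = GroupAddition(m["ts"], m["host"], "gpasswd", m["user"], m["group"], m["actor"])
        else:
            continue
        key = (ev.ts, ev.host, ev.tool, ev.user, ev.group)
        if key not in seen:
            seen.add(key)
            events.append(ev)
    return events


def parse_group_file(group_text):
    """Parse /etc/group content into {group_name: set_of_members}."""
    members = {}
    for line in group_text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, _gid, member_field = line.split(":", 3)
        members[name] = {m for m in member_field.split(",") if m}
    return members


def triage(events, group_members, privileged=PRIVILEGED_GROUPS):
    """Rank each addition by target-group sensitivity and confirm it against /etc/group."""
    findings = []
    for ev in events:
        is_priv = ev.group in privileged
        present = ev.user in group_members.get(ev.group, set())
        note = "privileged group, verify against the change record" if is_priv else "non-privileged group"
        if not present:
            note += "; membership absent from /etc/group now (reverted, or snapshot from another host)"
        findings.append({
            "ts": ev.ts, "host": ev.host, "tool": ev.tool, "actor": ev.actor,
            "user": ev.user, "group": ev.group,
            "severity": "high" if is_priv else "review",
            "present_now": present,
            "note": note,
        })
    return findings


if __name__ == "__main__":
    snapshot = parse_group_file(SAMPLE_GROUP_FILE)
    for f in triage(parse_group_additions(SAMPLE_LOG), snapshot):
        print(f"{f['severity']:6} {f['ts']} {f['host']} {f['user']} -> {f['group']} "
              f"(by {f['actor']}, via {f['tool']}) {f['note']}")
```

On a live host, feed the output of journalctl -t usermod -t gpasswd (or the relevant lines from /var/log/secure) to parse_group_additions and the contents of /etc/group to parse_group_file. A "high" finding whose membership is still present is the case to verify against the change record; one whose membership is already gone deserves as much attention, since an attacker who added and then removed a privileged membership leaves exactly that trace.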