Rule 1
Status	Active
Alert Message	OSSEC event

Contents 1 Description 1.1 What you should do 2 Troubleshooting 2.1 False Positives 2.2 Tuning Guidance 3 Additional Information 3.1 Support 3.2 Similar Rules 3.3 Knowledge Base Articles 3.4 Outside References 3.5 Notes

Description

OSSEC Rootkit detection has detected a service change on the system. This may indicate a successful compromise or simply the activation of a new service.

What you should do

Investigate the new service on the target host, and confirm if it is legitimate.

Troubleshooting

False Positives

There are no false positives with this rule.

Tuning Guidance

There is no guidance for tuning this rule.

Additional Information

Support

If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Notes