HIDS 533
From Atomicorp Wiki
Rule 1 | |
---|---|
Status | Active |
Alert Message | OSSEC event |
Contents |
Description
OSSEC Rootkit detection has detected a service change on the system. This may indicate a successful compromise or simply the activation of a new service.
What you should do
Investigate the new service on the target host, and confirm if it is legitimate.
Troubleshooting
False Positives
There are no false positives with this rule.
Tuning Guidance
There is no guidance for tuning this rule.
Additional Information
Support
If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.