Difference between revisions of "HIDS 550"

From Atomicorp Wiki
Line 13: Line 13:
 
'''False Positives'''
 
'''False Positives'''
  
There is no known false positive for this rule.  This rule detects when files change, therefore, it is not recommended that you disable this rule.   
+
There is no known false positive for this rule.  This rule detects when files change, therefore, it is not recommended that you disable this rule.  Instead, if you do not wish to be alerted when a specific file or files in a particular directory change, please log into the ASL GUI, click on the ASL tab, select the File Integrity menu options and modify your configuration to ignore this file or directory.
  
 
If you believe that this is a false positive, please report this to our security team can determine if this is a legitimate case, or if its clever attack on your system.  Instructions to report false positives are detailed on the [[Reporting False Positives]] wiki page.
 
If you believe that this is a false positive, please report this to our security team can determine if this is a legitimate case, or if its clever attack on your system.  Instructions to report false positives are detailed on the [[Reporting False Positives]] wiki page.
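Review bot: The sentence added to False Positives repeats, almost word for word, the GUI steps this revision also adds under Tuning Recommendations (log into the ASL GUI, ASL tab, File Integrity menu options); keep the steps in one section and refer to it from the other so the two copies cannot drift apart. The unchanged paragraph that follows reads "report this to our security team can determine ... or if its clever attack", which is missing "so that" and should say "it's a clever attack"; that is worth fixing in the same revision.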
Line 20: Line 20:
 
'''Tuning Recommendations'''
 
'''Tuning Recommendations'''
  
None.
+
If you do not wish to monitor the file or directory reported as changed, log into the ASL GUI, click on the ASL tab, select the File Integrity menu options and modify your configuration to ignore this file or directory.
  
 
'''Similar Rules'''
 
'''Similar Rules'''
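Review bot: The new Tuning Recommendations text tells the reader to ignore "this file or directory" but does not say what is given up: the sentence itself equates ignoring with no longer monitoring, so later changes to that path will not raise this rule. Suggest adding a sentence that recommends the narrowest ignore that works, a single file rather than its whole directory.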

Revision as of 15:36, 18 December 2011

Rule ID

550

Status

Active rule currently published.

Description

This rule detects when a monitored file changes.

False Positives

There is no known false positive for this rule. Because this rule detects when files change, disabling it is not recommended. Instead, if you do not wish to be alerted when a specific file, or files in a particular directory, change, log into the ASL GUI, click on the ASL tab, select the File Integrity menu options and modify your configuration to ignore this file or directory.

If you believe that this is a false positive, please report it so that our security team can determine whether this is a legitimate case or a clever attack on your system. Instructions for reporting false positives are detailed on the Reporting False Positives wiki page.


Tuning Recommendations

If you do not wish to monitor the file or directory reported as changed, log into the ASL GUI, click on the ASL tab, select the File Integrity menu options and modify your configuration to ignore this file or directory.

Similar Rules

None.

Knowledge Base Articles

None.

Outside References
