https://wiki.atomicorp.com/wiki/index.php?title=HIDS_554&feed=atom&action=history
HIDS 554 - Revision history
2024-03-28T11:29:56Z
Revision history for this page on the wiki
MediaWiki 1.20.2
https://wiki.atomicorp.com/wiki/index.php?title=HIDS_554&diff=6195&oldid=prev
Scott: Created page with "{{Infobox |header1 = Rule 1 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = FIM event }} = Description = FIM has detected a new file was added to the sy..."
2020-10-22T15:58:57Z
<p><b>New page</b></p><div>{{Infobox<br />
|header1 = Rule 1<br />
|label2 = Status<br />
|data2 = Active<br />
|label3 = Alert Message<br />
|data3 = FIM event<br />
}} <br />
<br />
= Description =<br />
<br />
FIM has detected that a new file was added to the system. <br />
<br />
== What you should do ==<br />
<br />
This could be an indicator of compromise. Investigate this addition to ensure it was authorized. <br />
<br />
<br />
= Troubleshooting =<br />
<br />
== False Positives ==<br />
<br />
There are no false positives with this rule.<br />
<br />
== Tuning Guidance ==<br />
<br />
There is no guidance for tuning this rule. This is a generic event, and the rule should not be disabled.<br />
<br />
= Additional Information =<br />
<br />
== Support ==<br />
<br />
If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!<br />
<br />
== Similar Rules ==<br />
<br />
None.<br />
<br />
== Knowledge Base Articles == <br />
<br />
None.<br />
<br />
== Outside References == <br />
<br />
None.<br />
<br />
== Notes ==</div>
Scott