https://wiki.atomicorp.com/wiki/index.php?title=HIDS_59248&feed=atom&action=historyHIDS 59248 - Revision history2024-03-29T11:46:39ZRevision history for this page on the wikiMediaWiki 1.20.2https://wiki.atomicorp.com/wiki/index.php?title=HIDS_59248&diff=6186&oldid=prevScott: Created page with "{{Infobox |header1 = Rule 1 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Windows audit failure event }} = Description = Security Enabled Global group..."2020-10-22T15:40:23Z<p>Created page with "{{Infobox |header1 = Rule 1 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Windows audit failure event }} = Description = Security Enabled Global group..."</p>
<p><b>New page</b></p><div>{{Infobox<br />
|header1 = Rule 1<br />
|label2 = Status<br />
|data2 = Active<br />
|label3 = Alert Message<br />
|data3 = Windows audit failure event<br />
}} <br />
<br />
= Description =<br />
<br />
Security Enabled Global group changed.<br />
<br />
== What you should do ==<br />
<br />
This means the security group changed (user added, removed, etc). Investigate this change to ensure it was authorized.<br />
<br />
= Troubleshooting =<br />
<br />
== False Positives ==<br />
<br />
There are no false positives with this rule.<br />
<br />
== Tuning Guidance ==<br />
<br />
There is no guidance for tuning this rule, this is a generic Windows error and the rule should not be disabled.<br />
<br />
= Additional Information =<br />
<br />
== Support ==<br />
<br />
If you are unsure about how to respond to this alert, please contact Atomicorp support. We're here to help you!<br />
<br />
== Similar Rules ==<br />
<br />
None.<br />
<br />
== Knowledge Base Articles== <br />
<br />
None.<br />
<br />
== Outside References == <br />
<br />
None.<br />
<br />
== Notes ==</div>Scott