
Rules for Unix

Hi experts,

I am trying to create two Unix rules, but I am not able to identify these in the events that are coming through. It might very well be possible that these events have not yet triggered on the Unix servers. I need help to create the conditions for these rules, so that once the corresponding event is actually generated on the Unix systems, these rules would trigger.

  

Unix - User home directory modified: This rule looks for modification done to unix user account's home directory

Unix - User account parameters modified: This rule looks for modification done to unix user account's security parameters

Many thanks.

Re: Rules for Unix

Hi Vishal,

Are you getting an event ID for the integrated Unix logs?

Then you can build the rule based on the event ID of the "User home directory modified" event.

If not, I would suggest you generate these events on any UAT Unix server and then analyse those events in ArcSight to build the rule logic.

I hope this helps.

Regards,

Pratik
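
The analysis step suggested in the reply, as an added example that is not part of the original posts and is not ArcSight content: a Python script that sorts syslog lines into the two rule names from the question. The sample lines are constructed, the message wording is assumed to follow what shadow-utils `usermod` writes to syslog, and treating shell, UID, password and expiration changes as "security parameters" is an assumption; confirm both against events generated on your own UAT server.

```python
import re

# Constructed sample lines (not from the thread). The wording is assumed to
# match shadow-utils usermod syslog output; verify it on a UAT server.
SAMPLE_LINES = [
    "Mar  3 10:15:01 uat01 usermod[4121]: change user 'testuser' home from '/home/testuser' to '/data/testuser'",
    "Mar  3 10:16:12 uat01 usermod[4130]: change user 'testuser' shell from '/bin/bash' to '/bin/sh'",
    "Mar  3 10:17:40 uat01 usermod[4144]: change user 'testuser' UID from '1001' to '1500'",
    "Mar  3 10:18:05 uat01 sshd[4150]: Accepted password for testuser from 10.0.0.5 port 50022 ssh2",
]

# Rule names as given in the question.
HOME_RULE = "Unix - User home directory modified"
PARAM_RULE = "Unix - User account parameters modified"

# Attributes other than "home" are mapped to PARAM_RULE (assumption).
USERMOD = re.compile(
    r"usermod\[\d+\]: change user '(?P<user>[^']+)' "
    r"(?P<attr>home|shell|UID|password|expiration)"
    r"(?: from '(?P<old>[^']*)' to '(?P<new>[^']*)')?"
)


def classify(line):
    """Return the matching rule and extracted fields, or None if no rule applies."""
    m = USERMOD.search(line)
    if m is None:
        return None
    rule = HOME_RULE if m.group("attr") == "home" else PARAM_RULE
    return {
        "rule": rule,
        "user": m.group("user"),
        "attribute": m.group("attr"),
        "old": m.group("old"),  # None when the message carries no old/new pair
        "new": m.group("new"),
    }


def matches(lines):
    """Classify every line and keep only the ones that hit a rule."""
    return [hit for hit in map(classify, lines) if hit is not None]


if __name__ == "__main__":
    for hit in matches(SAMPLE_LINES):
        print(hit)
```

The fields the regex extracts (process name, message text, user, old and new value) are the ones to look for in the normalized events when writing the rule conditions.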
