Do not modify the SACL entry if it's not necessary. Check the Everyone user, write permission, successful attempt and inheritance.
Remove deleted files from the Syscheck hash table.
Protect the syscheck hash table from multiple simultaneous accesses.
Mark directories with a SACL modified by the user; it should not be restored. If there is any problem monitoring who-data, switch to the classic real-time mode. ac5caa3
Allow directories.
Allow file definitions.
Limit monitored events to reduce noise. Evaluate the possibility of including in the XPATH query all the parent directories whose events we want to subscribe to.
Detect System user modifications. If there is any problem monitoring who-data, switch to the classic real-time mode.
Let's make the agent capable of collecting who-data for FIM events.
This feature should add this data:
Linux - Integration with Audit
Windows
Use SACL and EventChannel to get who-data in Windows systems.
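
The "do not modify the SACL entry if it's not necessary" item above can be sketched as an idempotent check, shown here as an added example that is not the project's own code. The function names are hypothetical, and two mappings are assumptions: "write permission" is taken as `FileSystemRights.Write`, and "inheritance" as `ContainerInherit, ObjectInherit`.

```powershell
# Added example, not the agent's implementation. Run from an elevated session:
# reading or writing a SACL requires SeSecurityPrivilege.
# Test-WhodataSacl and Set-WhodataSacl are hypothetical names.

$Everyone = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::WorldSid, $null)
# Assumption: "write permission" on the page maps to FileSystemRights.Write.
$Wanted   = [System.Security.AccessControl.FileSystemRights]::Write
# Assumption: "inheritance" means the entry applies to subfolders and files.
$Inherit  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$Success  = [System.Security.AccessControl.AuditFlags]::Success

function Test-WhodataSacl {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path -Audit
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Include explicit and inherited entries; either one already produces the events.
    foreach ($rule in $acl.GetAuditRules($true, $true, $sidType)) {
        if ($rule.IdentityReference.Value -eq $Everyone.Value -and
            $rule.FileSystemRights.HasFlag($Wanted) -and
            $rule.AuditFlags.HasFlag($Success) -and
            $rule.InheritanceFlags.HasFlag($Inherit)) {
            return $true
        }
    }
    return $false
}

function Set-WhodataSacl {
    param([Parameter(Mandatory)][string]$Path)
    # Leave the SACL untouched when a matching entry is already present.
    if (Test-WhodataSacl -Path $Path) { return 'unchanged' }
    $acl  = Get-Acl -LiteralPath $Path -Audit
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        $Everyone, $Wanted, $Inherit,
        [System.Security.AccessControl.PropagationFlags]::None, $Success)
    $acl.AddAuditRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
    return 'added'
}

# Constructed sample: a scratch directory, configured twice to show idempotence.
$dir = Join-Path $env:TEMP 'whodata-sacl-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-WhodataSacl -Path $dir   # first call adds the audit entry
Set-WhodataSacl -Path $dir   # second call finds it and changes nothing
```

Recording whether the call returned `added` or `unchanged` also tells the caller which entries it owns, which matters for the item about not restoring a SACL the user has modified.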