Alert Rule Categories
ObserveIT’s library of rule scenarios are grouped by security categories to help navigation and facilitate their operation and maintenance.
Categories apply to Windows, Mac, or Unix/Linux systems; some are relevant for all systems.
In addition to the built-in categories, you can create new security categories. You can also unassign rules from categories, and reassign them.
The following table lists the alert rule categories with an indication of which operating systems they apply to. To see details about the rules that apply to each category, click the relevant √ indication.
|
Category |
Windows/Mac |
Unix/Linux |
|---|---|---|
| Data Exfiltration | ||
| Data Infiltration (Bringing in Troubles) | ||
| Hiding Information and Covering Tracks | ||
| Unauthorized Machine Access | ||
| Unauthorized Data Access |
|
|
| Bypassing Security Controls |
|
|
| Unacceptable Use |
|
|
| Careless Behavior | ||
| Creating Backdoor | ||
| Time Fraud |
|
|
| Unauthorized Activity on Servers |
|
|
| Running Malicious Software | ||
| Performing Unauthorized Admin Tasks | ||
| Copyright Infringement |
|
|
| Searching for Information |
|
|
| Using Unauthorized Communication Tools |
|
|
| Installing/Uninstalling Questionable Software |
|
|
| Unauthorized Active Directory Activity |
|
|
| Unauthorized DBA Activity |
|
|
| Shell Attack |
|
|
| Preparation for Attack |
|
|
| Unauthorized Shell Opening |
|
|
| IT Sabotage |
|
|
| Performing Privilege Elevation |
|
|
| Identity Theft |
|
|
| System Tampering |
|
|
| Messing with ObserveIT Components | ||
| GIT Suspicious Activity | ||
| Docker and Containers Suspicious Activity |
|