Unauthorized Activity on Servers

Unauthorized Activity on Servers (Windows/Mac)

The following out-of-the-box alert rules are assigned to the (Windows/Mac) Category: UNAUTHORIZED ACTIVITY ON SERVERS.

| Alert Rule | Description |
| --- | --- |
| Accessing Social Media Sites from Server | An alert is triggered upon browsing to social media sites on a machine that functions as a server. This action could indicate an intent to steal sensitive information from the server or to download files/folders to this server. |
| Installing software on Server | An alert is triggered upon running software installations on a machine that functions as a server. Servers usually have installed only those applications that are critical for performing their business tasks. |
| Running unauthorized email or webmail on Server | An alert is triggered upon running either a desktop email client or webmail (via a browser) on a machine that functions as a server. This operation could indicate an intent to take sensitive information off the server or to download files. |
| Running unauthorized Instant Messaging application on Server | An alert is triggered upon running an Instant Messaging application on a machine that functions as a server. This operation could indicate an intent to steal sensitive information from the server or to download files/folders to this server. |