Release 18 - Out-of-the-box alerts
- Juan Tomás Alonso Nieto (Deactivated)
Detection name | Detection description | Devo table / Data source / Category | Update |
| This alert shows a anonymous IP detection made by MCAS |
| Alert Logic Update |
| Detects file creation in /etc/profile.d directory. Files created here can automatically execute scripts on the boot up of the machine. |
| Alert Logic Update |
| Detects excessive Palo Alto firewall authentication failures for a single IP within a short period of time. Â |
| Fixed field naming |
| Detects failed login attempts from a single host to two or more accounts in ten minutes. The account number threshold and time threshold should be adjusted to suit organizational needs. |
| New Alert |
| A log related file is stored in a directory or archive that is made accessible to unauthorized actors. |
| Alert Logic Updated |