cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
372
Views
4
Helpful
2
Replies

CSA 6.0 Rule Creation

rz7dzmeds
Level 1
Level 1

I would like to create a File Access Control rule to generate an alert when the /var/adm/csalog is attempted to be modified on *nix systems. An Agent Service Control rule already generates an alert when this file is modified, however we need to isolate this activity down to a File Access Control rule. I have attempted to define the rule from scratch, however it's not working. Any guidance on this would be appreciated.

2 Replies 2

jan.nielsen
Level 7
Level 7

Create a new File Access control rule, make it as specific as possible on src application and filename/directory, and then make it a monitor rule, it will then log it no matter what other rules are in place.

I will configure that, and update the thread. Thanks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: