
Questions tagged [audit]

Observing/logging a resource for purposes of:
- Adding it to a blacklist or whitelist
- Keeping tabs on the security of a system

Score of 0
1 answer
178 views

I set Audit File Access to Success, Failure. I checked the CREATE, DELETE, WRITE attributes under auditing in the relevant folder. If I delete a folder or file, I see it successfully under EVENT ID ...
Score of 1
1 answer
767 views

On September 15 2025, an npm supply chain attack named shai hulud was discovered. It extracts secrets from git repositories, either by injecting github actions and trufflehog. From my ...
Score of 2
0 answers
214 views

I am trying to monitor folder creation, moves and renames for a certain directory. I have enabled "Audit File System" in group policy. And have configured the folder audit settings per below....
Score of 0
0 answers
216 views

I found somewhere online that you can set up log rotation for audit_log on httpserver so in my modsecurity.conf i switched logging conf from: SecAuditLog logs/audit_log to SecAuditLog "|/usr/IBM/...
Score of 2
2 answers
314 views

Several users have reported receiving phishing emails, and one at least has admitted to following the link. Investigation found that their Microsoft 365 account had been compromised (despite MFA being ...
Score of 3
1 answer
959 views

Many thanks for @Romeo Ninov's help! The mistakes I made are should use file /etc/audit/rules.d/audit.rules to add a rule for RedHat 7 & 8 should use service auditd restart to restart auditctl ...
Score of 1
0 answers
70 views

I would like to know if there is a way to audit what files a user is "passing" from the file server to their local environment. I have the event viewer enabled but I can only see which file ...
Score of 0
1 answer
807 views

In Windows 10, after I use the following command to enable Security System Extension: auditpol /set /subcategory:"Security System Extension" /success:enable /failure:disable Whenever a new ...
Score of 2
2 answers
505 views

I have a simple Splunk set-up. About 120 or so Linux servers (that are all basically appliances) w/ universal forwarder installed, and a single Linux server running Splunk Enterprise acting as the ...
Score of 0
1 answer
623 views

I have started working as sysadmin at a company that uses Microsoft 365. Before I started a few generically named accounts with the Global Administrator role were being used by multiple people to do ...
Score of 0
0 answers
271 views

Good day everyone! I am looking if there is any way to audit or look at an audit log for any specific actions done by a specific user on a deployment for example. My goal would be to see, who scaled ...
Score of 0
1 answer
1433 views

I'm trying to enable auditing of service start/stop events for a few specific services on a group of domain computers, and to make this change using Group Policy. I've seen this answer, however when I ...
Score of 1
0 answers
755 views

I configured auditd to send the logs to SIEM through rsyslog. But when I get those logs the proctitle is in hex. Ex.: <134>Aug 25 17:08:44 vmauditd tag_audit_log: node=vmauditd type=PROCTITLE ...
Score of 3
1 answer
8650 views

I have some Linux servers that are getting errors like the below in the logs... auditd[1074]: Error receiving audit netlink packet (No buffer space available) I know HOW to resolve the issue (tweak ...
Score of 0
1 answer
425 views

I'm trying to implement file access auditing on a Windows Server 2019 machine with mixed success. The server in question is a member server, but not a domain controller. I have enabled success ...
