Lucene search

K
nessusTenable710037.PRM
HistoryAug 20, 2004 - 12:00 a.m.

Linux User Account Activity Create User (via Splunk): audit (ADD_USER)

2004-08-2000:00:00
Tenable
www.tenable.com
3

SIEM Pull Service has detected via Splunk query that, on this Linux system, a user account was created. The query used was (sourcetype=linux_audit OR sourcetype=linux_secure) AND (new* OR ADD) AND (user OR USER)

Binary data 710037.prm