| | DisplayName | Description | ID | Target | Category | Enabled | Instance Name | Counter Name | Frequency | Event_ID | Event Source | Alert Generate | Alert Severity | Alert Priority | Remotable | Event Log |
|---|
 | Adding Group (Red Hat Enterprise Linux Server 4) | Rule to collect events for adding a new group | Microsoft.ACS.Linux.RHEL.4.Adding.Group | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Adding User (Red Hat Enterprise Linux Server 4) | Rule to collect events for adding a new user | Microsoft.ACS.Linux.RHEL.4.Adding.User | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Adding User to Group (Red Hat Enterprise Linux Server 4) | Rule to collect events for adding a user to a group | Microsoft.ACS.Linux.RHEL.4.Adding.User.To.Group | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed Console Login (Red Hat Enterprise Linux Server 4) | Rule to collect events for failed console login | Microsoft.ACS.Linux.RHEL.4.Console.Login.Failed | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Successful Console Login (Red Hat Enterprise Linux Server 4) | Rule to collect events for successful console login | Microsoft.ACS.Linux.RHEL.4.Console.Login.Succeeded | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Deleting Group (Red Hat Enterprise Linux Server 4) | Rule to collect events for deleting a group | Microsoft.ACS.Linux.RHEL.4.Deleting.Group | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Deleting User (Red Hat Enterprise Linux Server 4) | Rule to collect events for deleting a user | Microsoft.ACS.Linux.RHEL.4.Deleting.User | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Deleting User from Group (Red Hat Enterprise Linux Server 4) | Rule to collect events for deleting a user from a group | Microsoft.ACS.Linux.RHEL.4.Deleting.User.From.Group | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed Password Change (Red Hat Enterprise Linux Server 4) | Rule to collect events for failed password change | Microsoft.ACS.Linux.RHEL.4.Password.Change.Failed | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Successful Password Change (Red Hat Enterprise Linux Server 4) | Rule to collect events for successful password change | Microsoft.ACS.Linux.RHEL.4.Password.Change.Succeeded | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed ssh login (Red Hat Enterprise Linux Server 4) | Rule to collect events for failed ssh login | Microsoft.ACS.Linux.RHEL.4.Ssh.Failed | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Successful ssh login (Red Hat Enterprise Linux Server 4) | Rule to collect events for successful ssh login | Microsoft.ACS.Linux.RHEL.4.Ssh.Succeeded | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed su (Red Hat Enterprise Linux Server 4) | Rule to collect events for failed call to su | Microsoft.ACS.Linux.RHEL.4.Su.Failed | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Successful su (Red Hat Enterprise Linux Server 4) | Rule to collect events for successful call to su | Microsoft.ACS.Linux.RHEL.4.Su.Succeeded | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed sudo (Red Hat Enterprise Linux Server 4) | Rule to collect events for failed call to sudo | Microsoft.ACS.Linux.RHEL.4.Sudo.Failed | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Invalid sudo (Red Hat Enterprise Linux Server 4) | Rule to collect events for invalid call to sudo | Microsoft.ACS.Linux.RHEL.4.Sudo.Invalid | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Successful sudo (Red Hat Enterprise Linux Server 4) | Rule to collect events for successful call to sudo | Microsoft.ACS.Linux.RHEL.4.Sudo.Succeeded | Microsoft.ACS.Linux.RHEL.4.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
Home