| DisplayName | Description | ID | Target | Category | Enabled | Instance Name | Counter Name | Frequency | Event_ID | Event Source | Alert Generate | Alert Severity | Alert Priority | Remotable | Event Log |
| Adding Group (SUSE Linux Enterprise Server 11) | Rule to collect events for adding a new group | Microsoft.ACS.Linux.SLES.11.Adding.Group | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Adding User (SUSE Linux Enterprise Server 11) | Rule to collect events for adding a new user | Microsoft.ACS.Linux.SLES.11.Adding.User | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Adding User to Group (SUSE Linux Enterprise Server 11) | Rule to collect events for adding a user to a group | Microsoft.ACS.Linux.SLES.11.Adding.User.To.Group | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed Console Login (SUSE Linux Enterprise Server 11) | Rule to collect events for failed console login events | Microsoft.ACS.Linux.SLES.11.Console.Failed | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Invalid Console Login (SUSE Linux Enterprise Server 11) | Rule to collect events for invalid console login events | Microsoft.ACS.Linux.SLES.11.Console.Invalid | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Deleting Group (SUSE Linux Enterprise Server 11) | Rule to collect events for deleting a group | Microsoft.ACS.Linux.SLES.11.Deleting.Group | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Deleting User (SUSE Linux Enterprise Server 11) | Rule to collect events for deleting a user | Microsoft.ACS.Linux.SLES.11.Deleting.User | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Deleting User from Group (SUSE Linux Enterprise Server 11) | Rule to collect events for deleting a user from a group | Microsoft.ACS.Linux.SLES.11.Deleting.User.From.Group | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed Password Change (SUSE Linux Enterprise Server 11) | Rule to collect events for failed password change | Microsoft.ACS.Linux.SLES.11.Password.Change.Failed | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Successful Password Change (SUSE Linux Enterprise Server 11) | Rule to collect events for successful password change from root user | Microsoft.ACS.Linux.SLES.11.Password.Change.From.Root.Succeeded | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Successful Password Change (SUSE Linux Enterprise Server 11) | Rule to collect events for successful password change from non-root user | Microsoft.ACS.Linux.SLES.11.Password.Change.From.User.Succeeded | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Maximum Tried Password Change (SUSE Linux Enterprise Server 11) | Rule to collect events for maximum number of tries to change password | Microsoft.ACS.Linux.SLES.11.Password.Change.Maximum.Tries | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed ssh login (SUSE Linux Enterprise Server 11) | Rule to collect events for failed ssh login | Microsoft.ACS.Linux.SLES.11.Ssh.Failed | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Invalid ssh login (SUSE Linux Enterprise Server 11) | Rule to collect events for invalid ssh login | Microsoft.ACS.Linux.SLES.11.Ssh.Invalid | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Successful ssh login (SUSE Linux Enterprise Server 11) | Rule to collect events for successful ssh login | Microsoft.ACS.Linux.SLES.11.Ssh.Succeeded | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed su (SUSE Linux Enterprise Server 11) | Rule to collect events for failed call to su | Microsoft.ACS.Linux.SLES.11.Su.Failed | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Successful su (SUSE Linux Enterprise Server 11) | Rule to collect events for successful call to su | Microsoft.ACS.Linux.SLES.11.Su.Succeeded | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed sudo with one or two times try (password) (SUSE Linux Enterprise Server 11) | Rule to collect events for bad password failed call to sudo | Microsoft.ACS.Linux.SLES.11.Sudo.Conversation.Error | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed sudo (SUSE Linux Enterprise Server 11) | Rule to collect events for failed call to sudo | Microsoft.ACS.Linux.SLES.11.Sudo.Failed | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Invalid sudo (SUSE Linux Enterprise Server 11) | Rule to collect events for no privileges for sudo operations | Microsoft.ACS.Linux.SLES.11.Sudo.Invalid | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Successful sudo (SUSE Linux Enterprise Server 11) | Rule to collect events for successful call to sudo | Microsoft.ACS.Linux.SLES.11.Sudo.Succeeded | Microsoft.ACS.Linux.SLES.11.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |