| | DisplayName | Description | ID | Target | Category | Enabled | Instance Name | Counter Name | Frequency | Event_ID | Event Source | Alert Generate | Alert Severity | Alert Priority | Remotable | Event Log |
|---|
 | Adding Group (SUSE Linux Enterprise Server 9) | Rule to collect events for adding a new group | Microsoft.ACS.Linux.SLES.9.Adding.Group | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Adding User (SUSE Linux Enterprise Server 9) | Rule to collect events for adding a new user | Microsoft.ACS.Linux.SLES.9.Adding.User | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed Console Login (SUSE Linux Enterprise Server 9) | Rule to collect events for failed console login events | Microsoft.ACS.Linux.SLES.9.Console.Failed | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Invalid Console Login (SUSE Linux Enterprise Server 9) | Rule to collect events for invalid console login events | Microsoft.ACS.Linux.SLES.9.Console.Invalid | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Deleting User (SUSE Linux Enterprise Server 9) | Rule to collect events for deleting a user | Microsoft.ACS.Linux.SLES.9.Deleting.User | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed Password Change (SUSE Linux Enterprise Server 9) | Rule to collect events for failed password change | Microsoft.ACS.Linux.SLES.9.Password.Change.Failed | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Maximum Tried Password Change (SUSE Linux Enterprise Server 9) | Rule to collect events for maximum number of tries to change password | Microsoft.ACS.Linux.SLES.9.Password.Change.Maximum.Tries | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed ssh login (SUSE Linux Enterprise Server 9) | Rule to collect events for failed ssh login | Microsoft.ACS.Linux.SLES.9.Ssh.Failed | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Invalid ssh login (SUSE Linux Enterprise Server 9) | Rule to collect events for invalid ssh login | Microsoft.ACS.Linux.SLES.9.Ssh.Invalid | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Successful ssh login (SUSE Linux Enterprise Server 9) | Rule to collect events for successful ssh login | Microsoft.ACS.Linux.SLES.9.Ssh.Succeeded | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed su (SUSE Linux Enterprise Server 9) | Rule to collect events for failed call to su | Microsoft.ACS.Linux.SLES.9.Su.Failed | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Successful su (SUSE Linux Enterprise Server 9) | Rule to collect events for successful call to su | Microsoft.ACS.Linux.SLES.9.Su.Succeeded | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Failed sudo (SUSE Linux Enterprise Server 9) | Rule to collect events for bad password failed call to sudo | Microsoft.ACS.Linux.SLES.9.Sudo.Failed | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Invalid sudo (SUSE Linux Enterprise Server 9) | Rule to collect events for no privileges for sudo operations | Microsoft.ACS.Linux.SLES.9.Sudo.Invalid | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
| Successful sudo (SUSE Linux Enterprise Server 9) | Rule to collect events for successful call to sudo | Microsoft.ACS.Linux.SLES.9.Sudo.Succeeded | Microsoft.ACS.Linux.SLES.9.ACSEndPoint | EventCollection | True | | | 0 | 0 | | False | | | True | |
Home