| | DisplayName | Description | ID | Target | Category | Enabled | Instance Name | Counter Name | Frequency | Event_ID | Event Source | Alert Generate | Alert Severity | Alert Priority | Remotable | Event Log |
|---|
 | Adding Group (Universal Linux) | Rule to collect events for adding a new group | Microsoft.ACS.Linux.Universal.Adding.Group | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Adding User (Universal Linux) | Rule to collect events for adding a new user | Microsoft.ACS.Linux.Universal.Adding.User | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Adding User to Group (Universal Linux) | Rule to collect events for adding a user to a group | Microsoft.ACS.Linux.Universal.Adding.User.To.Group | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Failed Console Login (Universal Linux) | Rule to collect events for failed console login | Microsoft.ACS.Linux.Universal.Console.Login.Failed | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Successful Console Login (Universal Linux) | Rule to collect events for successful console login | Microsoft.ACS.Linux.Universal.Console.Login.Succeeded | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Deleting Group (Universal Linux) | Rule to collect events for deleting a group | Microsoft.ACS.Linux.Universal.Deleting.Group | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Deleting User (Universal Linux) | Rule to collect events for deleting a user | Microsoft.ACS.Linux.Universal.Deleting.User | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Deleting User from Group (Universal Linux) | Rule to collect events for deleting a user from a group | Microsoft.ACS.Linux.Universal.Deleting.User.From.Group | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Failed Password Change (Universal Linux) | Rule to collect events for failed password change | Microsoft.ACS.Linux.Universal.Password.Change.Failed | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Successful Password Change (Universal Linux) | Rule to collect events for successful password change | Microsoft.ACS.Linux.Universal.Password.Change.Succeeded | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Failed ssh login (Universal Linux) | Rule to collect events for failed ssh login | Microsoft.ACS.Linux.Universal.Ssh.Failed | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Successful ssh login (Universal Linux) | Rule to collect events for successful ssh login | Microsoft.ACS.Linux.Universal.Ssh.Succeeded | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Failed su (Universal Linux) | Rule to collect events for failed call to su | Microsoft.ACS.Linux.Universal.Su.Failed | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Successful su (Universal Linux) | Rule to collect events for successful call to su | Microsoft.ACS.Linux.Universal.Su.Succeeded | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Failed sudo (Universal Linux) | Rule to collect events for failed call to sudo | Microsoft.ACS.Linux.Universal.Sudo.Failed | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Invalid sudo (Universal Linux) | Rule to collect events for invalid call to sudo | Microsoft.ACS.Linux.Universal.Sudo.Invalid | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
| Successful sudo (Universal Linux) | Rule to collect events for successful call to sudo | Microsoft.ACS.Linux.Universal.Sudo.Succeeded | Microsoft.ACS.Linux.Universal.ACSEndPoint | EventCollection | False | | | 0 | 0 | | False | | | True | |
Home