Host-based anomaly detection event (rootcheck).


Gowtham Murugesan

Nov 4, 2022, 3:27:37 AM
to Wazuh mailing list
Hi Everyone,
    
For the past two weeks I have been getting a huge number of counts for the Host-based anomaly detection event (rootcheck). I don't know why I am getting this.

In this event, the rule description is "file is owned by root and written permission to anyone". Can anyone explain whether this event is vulnerable for the server? I am trying to reduce the noise for this event if it is unwanted.

Thanks in advance. 

Mariano Koremblum

Dec 6, 2022, 11:14:56 AM
to Wazuh mailing list
Hi Gowtham,

Could you please show us the actual alert? From what I understand, a file owned by root should not have writing permissions to anyone. Which file is it?

I will be waiting for your reply,

Mariano Koremblum