Configuration Change Use Cases
Grouped by Detection Method
Aggregate Count
- Count of Changes per Source User
- Count of Changes per Source System
Blacklist Alert
Whitelist Alert
- Audit Policy Changed by Unexpected User
- Audit Policy Changed at Unexpected Time of Day
- Audit Policy Changed at Unexpected Day of Week
Levenshtein Score Alert
Rolling Whitelist Alert
Shannon Entropy Score Alert
Threshold Alert
Log Source Examples
Possible False Positives