You can use a predefined query to create an alert when a login by a default account is successful. You can use the default keyed list only or you can supplement it with your own values. Predefined values include bin, cisco, daemon, DBSNMP, Guest, helpdesk, Imnadm, invscout, IUSR_ComputerName, mail, Nobody, root, sa, sshd, sys, SYSMAN, system, and Uucp.
To customize the list, you identify the default accounts that are created during operating system, database, or application installations as values in the key-value list for Default_Accounts. The query that uses the values you supply is named Successful Login by Default Accounts in the last 24 hours.
If you create a custom query that uses this key, define the filter as follows:

Column | Operator | Value
---|---|---
dest_username | Keyed | Default_Accounts

To customize keyed values for Default_Accounts
A list of keys to which you add user-defined values is displayed at the bottom of the main pane.
The predefined values appear.
If you have already scheduled an action alert for the query Successful Login by Default Accounts in the last 24 hours, that alert will be generated based on the evaluation of all values in your modified keyed list for Default_Accounts.
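
The logic of this filter (dest_username keyed against Default_Accounts, successful logins only, last 24 hours) sketched in Python as an added example; it is not CA's query implementation. Assumptions: the event field names other than dest_username, the case-insensitive comparison, the domain/UPN stripping, the treatment of IUSR_ComputerName as a template for IUSR_<hostname>, and the user-defined value svc_backup.

```python
from datetime import datetime, timedelta, timezone

# Predefined Default_Accounts values as listed on this page.
PREDEFINED = ["bin", "cisco", "daemon", "DBSNMP", "Guest", "helpdesk", "Imnadm",
              "invscout", "IUSR_ComputerName", "mail", "Nobody", "root", "sa",
              "sshd", "sys", "SYSMAN", "system", "Uucp"]

def build_keyed_list(user_defined=()):
    """Merge predefined and user-defined values; compare case-insensitively (assumption)."""
    return {v.strip().lower() for v in list(PREDEFINED) + list(user_defined) if v.strip()}

def is_default_account(username, keyed):
    name = username.strip().lower()
    # Strip a Windows domain or UPN suffix so CORP\sa and sa@corp match "sa" (assumption).
    name = name.rsplit("\\", 1)[-1].split("@", 1)[0]
    if name in keyed:
        return True
    # IUSR_ComputerName is a template: real accounts look like IUSR_WEB01 (assumption).
    return "iusr_computername" in keyed and name.startswith("iusr_") and len(name) > 5

def successful_default_logins(events, keyed, now, window=timedelta(hours=24)):
    """Return events that are successful logins by a keyed account inside the window."""
    hits = []
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        if not (now - window <= ts <= now):
            continue
        if ev["action"] == "login" and ev["result"] == "success" \
                and is_default_account(ev["dest_username"], keyed):
            hits.append(ev)
    return hits

# Constructed sample events; only dest_username is a field name taken from the page.
NOW = datetime(2010, 6, 2, 12, 0, tzinfo=timezone.utc)
EVENTS = [
    {"time": "2010-06-02T09:15:00+00:00", "action": "login", "result": "success", "dest_username": "root"},
    {"time": "2010-06-02T09:20:00+00:00", "action": "login", "result": "failure", "dest_username": "sa"},
    {"time": "2010-06-02T10:00:00+00:00", "action": "login", "result": "success", "dest_username": "CORP\\IUSR_WEB01"},
    {"time": "2010-05-30T10:00:00+00:00", "action": "login", "result": "success", "dest_username": "guest"},
    {"time": "2010-06-02T11:00:00+00:00", "action": "login", "result": "success", "dest_username": "alice"},
    {"time": "2010-06-02T11:30:00+00:00", "action": "login", "result": "success", "dest_username": "svc_backup"},
]

if __name__ == "__main__":
    keyed = build_keyed_list(user_defined=["svc_backup"])
    for ev in successful_default_logins(EVENTS, keyed, NOW):
        print(ev["time"], ev["dest_username"])
```

Matching is exact after normalization, so an account such as sysadmin does not match the predefined value sys; add such names to the list explicitly if they are installation defaults in your environment.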
Copyright © 2010 CA. All rights reserved.