The User Privilege Gain action deals with the expression of event information pertaining to the detection of activity related to privilege gain to another user account. (Ex: Brute force attack on a SQL account with higher privileges)
|
Information |
Level |
|---|---|
|
Source - User Information |
Tertiary |
|
Source - Host Information |
Primary |
|
Source - Object Information |
Primary |
|
Source - Process Information |
Tertiary |
|
Source - Group Information |
Tertiary |
|
Dest - User Information |
Secondary |
|
Dest - Host Information |
Primary |
|
Dest - Object Information |
Tertiary |
|
Dest - Process Information |
Tertiary |
|
Dest - Group Information |
Tertiary |
|
Agent - Information |
Primary |
|
Agent - Host Information |
Primary |
|
Event Source - Host Information |
Primary |
|
Event Source - Information |
Tertiary |
|
Event - Information |
Primary |
|
Result - Information |
Primary |
The important information for this action is which signature was matched for the connection from which host to which host. The event information was expressed on which host and recorded by which agent on which host.
|
Result |
event_result |
event_severity |
|---|---|---|
|
Success |
S |
4 |
|
Failure |
F |
3 |
|
Attempt |
A |
3 |
|
Copyright © 2013 CA.
All rights reserved.
|
|