PCI 10.2.7 - Create/delete system level objects. Having a sysadmin create and delete a file in /bin, /etc, but it's not showing up in PCI views (or in any regular views). Any tips or suggestions on how to get these events showing in the SIEM? Using 10.4 ESM.