OS Modification Checks Test
This test monitors the target host and reports the number of recently scheduled tasks. In addition, this test also reports the number of local user accounts created. This way, administrators can proactively identify any unusual scheduled tasks or suspicious accounts created and promptly take action before it leads to any security issues. The detailed diagnosis of this test provides details of the scheduled tasks such as task name, created time, and who created the task. Also, the detailed diagnosis helps administrators to know more about the user account created, like who created the account, created time, privileges, display, and SAM name, etc.
Target of the test : A Windows host
Agent deploying the test : An internal agent
Outputs of the test : One set of results for the Windows host being monitored
| Parameter | Description |
|---|---|
|
Test Period |
How often should the test be executed. |
|
Host |
The host for which the test is to be configured. |
|
Port |
The port on which the server is listening. By default, it is given as NULL. |
|
DD Frequency |
Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD frequency. |
|
Detailed Diagnosis |
To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:
|
| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
|
Recent scheduled tasks |
Indicates the number of recently scheduled tasks. |
Number |
The detailed diagnosis of this measure provide details of the task name, Created time of the task, Command, Logon type, and user name who created the task. |
|
New local user accounts |
Indicated the number of new local user accounts created. |
Number |
The detailed diagnosis can be used to find more details such as who created the account, created time, created account, SAM account name, User principal name and workstations, Password last set, Account expiry, and Privileges. |
|
Recent deleted tasks |
Indicates the number of recently deleted tasks. |
Number |
The detailed diagnosis of this measure provide details of Task name, Deleted time of the task, user name who deleted the task and Computer used to delete the task. |
|
Recent updated tasks |
Indicates the number of recently updated tasks. |
Number |
The detailed diagnosis of this measure provide details of the Task name, Updated time of the task, Command, Logon type, user name who updated the task and Computer used to update the task. |
|
Recent enabled tasks |
Indicates the number of recently enabled tasks. |
Number |
The detailed diagnosis of this measure provide details of the Task name, Enabled time of the task, Command, Logon type, user name who enabled the task and Computer used to enable the task. |
|
Recent disabled tasks |
Indicates the number of recently disabled tasks. |
Number |
The detailed diagnosis of this measure provide details of the Task name, Disabled time of the task, Command, Logon type, user name who disabled the task and Computer used to disable the task. |
The detailed diagnosis capability of the Recent scheduled tasks measure, if enabled, provides the details of the Task name, Created time of the task, Command, Logon type, and user name who created the task (see Figure 1).
Figure 1 : Detailed diagnosis of Recent scheduled tasks measure
The detailed diagnosis capability of the Recent deleted tasks measure, if enabled, provides the details of Task name, Deleted time of the task, user name who deleted the task and Computer used to delete the task (see Figure 2).
Figure 2 : Detailed diagnosis of Recent deleted tasks measure
The detailed diagnosis capability of the Recent updated tasks measure, if enabled, provides the details of the Task name, Updated time of the task, Command, Logon type, user name who updated the task and Computer used to update the task (see Figure 3).
Figure 3 : Detailed diagnosis of Recent updated tasks measure
The detailed diagnosis capability of the Recent enabled tasks measure, if enabled, provides the details of the Task name, Enabled time of the task, Command, Logon type, user name who enabled the task and Computer used to enable the task (see Figure 4).
Figure 4 : Detailed diagnosis of Recent enabled tasks measure
The detailed diagnosis capability of the Recent disabled tasks measure, if enabled, provides the details of the Task name, Disabled time of the task, Command, Logon type, user name who disabled the task and Computer used to disable the task (see Figure 5).
Figure 5 : Detailed diagnosis of Recent disabled tasks measure
