Monitor External Device Activities
This option group subsection monitors for specific external device activity such as the various activities that are associated with USB devices. This activity should be monitored on an enterprise network, as such devices may pose the threat of data loss.
Option | Description |
|---|---|
USB Device Connected | This rule detects a USB device connection event from the Unix
Syslog. |
USB Device Disconnected | This rule detects a USB device disconnection event from
the Unix syslog. |
USB Device Detailed Activity | This rule detects a USB device additional events from
the Unix Syslog that can be user-defined. Enabling this
option provides the type of USB device, serial number
and manufacturer information if available. |