Monitor External Device Activities

This option group subsection monitors for specific external device activity such as the various activities that are associated with USB devices. This activity should be monitored on an enterprise network, as such devices may pose the threat of data loss.
Monitor External Device Activities
Option
Description
USB Device Connected
This rule detects a USB device connection event from the Unix Syslog.
USB Device Disconnected
This rule detects a USB device disconnection event from the Unix syslog.
USB Device Detailed Activity
This rule detects a USB device additional events from the Unix Syslog that can be user-defined. Enabling this option provides the type of USB device, serial number and manufacturer information if available.