Monitor User & Group Changes

This option group section of the policy monitors for specific user and group change-based events.
Monitor User & Group Changes
Option
Description
Monitor User Configuration Changes
This option detects user configuration changes, such as user creation, user deletion, password change, ID change, maximum days of account inactivity, and so on.
Monitor Group Configuration Changes
This option detects group configuration changes, such as group creation, group deletion, membership changes, and so on.
Monitor Changes to Superusers
This option detects Superuser configuration changes, such as Superuser/group creation, addition of user/group to Superuser group, and so on.
The Unix_Baseline_Detection_Basic policy allows to specify only the high level options required for basic baseline monitoring. If you want to configure the granular options, use the Unix_Baseline_Detection_Advanced policy.
For example, the Unix_Baseline_Detection_Basic policy by default detects user creation, user deletion, password change, ID change, maximum days of account inactivity, and so on. If you do not want the policy to detect a specific parameter such as ID change, or maximum days of account inactivity, you can use the Unix_Baseline_Detection_Advanced policy. The Unix_Baseline_Detection_Advanced policy allows you to configure each option individually.