System External Device Activity Monitor
This option group subsection monitors for specific external device activity such as the various activities that are associated with USB devices. This activity should be monitored on an enterprise network, as such devices may pose the threat of data loss.
Parameter | Description |
|---|---|
Option Path
| System External Device Activity Monitor > USB Device Activity |
Option | USB Device Connected |
Rule Name |
USB_Device_Connected |
Severity |
Warning |
Description | Detects a USB device connection event from the
UNIX syslog. |
Parameter | Description |
|---|---|
Option Path
| System External Device Activity Monitor > USB Device Activity |
Option | USB Device Disconnected |
Rule Name |
USB_Device_Disconnected |
Severity |
Warning |
Description | Detects a USB device disconnection event from the
UNIX syslog. |
Parameter | Description |
|---|---|
Option Path
| System External Device Activity Monitor > USB Device Activity |
Option | USB Device Additional Activity |
Rule Name |
USB_Device_Additional |
Severity |
Warning |
Description | Detects user-defined USB device-related activities from the
UNIX syslog. |