System External Device Activity Monitor

This option group subsection monitors specific external device activity, such as the events associated with USB devices. Monitor this activity on an enterprise network, because such devices may pose the threat of data loss.

Description of the USB Device Connected parameters used

| Parameter | Description |
| --- | --- |
| Option Path | System External Device Activity Monitor > USB Device Activity |
| Option | USB Device Connected |
| Rule Name | USB_Device_Connected |
| Severity | Warning |
| Description | Detects a USB device connection event from the UNIX syslog. |

Description of the USB Device Disconnected parameters used

| Parameter | Description |
| --- | --- |
| Option Path | System External Device Activity Monitor > USB Device Activity |
| Option | USB Device Disconnected |
| Rule Name | USB_Device_Disconnected |
| Severity | Warning |
| Description | Detects a USB device disconnection event from the UNIX syslog. |

Description of the USB Device Additional Activity parameters used

| Parameter | Description |
| --- | --- |
| Option Path | System External Device Activity Monitor > USB Device Activity |
| Option | USB Device Additional Activity |
| Rule Name | USB_Device_Additional |
| Severity | Warning |
| Description | Detects user-defined USB device-related activities from the UNIX syslog. |
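
The following added example (not the product's own rule definitions) shows how the three rules above could be matched against syslog lines. The regular expressions are assumptions based on Linux kernel USB messages, the mass-storage pattern stands in for a user-defined activity, and the sample log lines are constructed.

```python
import re

# Traditional syslog header: "Mon DD HH:MM:SS host tag: message"
HEADER = re.compile(
    r"^(?P<time>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$")
KTIME = r"(?:\[\s*[\d.]+\] )?"  # optional kernel uptime stamp, e.g. "[ 8123.1] "

# Assumed patterns for Linux kernel USB messages (illustrative only).
RULES = [
    ("USB_Device_Connected", re.compile(
        KTIME + r"usb (?P<port>[\d.-]+): new [\w-]+ USB device number (?P<num>\d+)")),
    ("USB_Device_Disconnected", re.compile(
        KTIME + r"usb (?P<port>[\d.-]+): USB disconnect, device number (?P<num>\d+)")),
    # Stand-in for a user-defined activity: the mass-storage driver binding.
    ("USB_Device_Additional", re.compile(
        KTIME + r"usb-storage (?P<port>[\d.-]+):[\d.]+: USB Mass Storage device detected")),
]

def match_line(line):
    """Return an alert dict for the first rule that matches, else None."""
    hdr = HEADER.match(line)
    # Only trust kernel-tagged lines: any local user can write look-alike
    # text to syslog, which would otherwise raise false alerts.
    if not hdr or hdr["tag"] != "kernel":
        return None
    for name, pattern in RULES:
        m = pattern.match(hdr["msg"])
        if m:
            return {"rule": name, "severity": "Warning",
                    "host": hdr["host"], "time": hdr["time"], **m.groupdict()}
    return None

def scan(lines):
    """Run every line through the rules and collect the alerts in order."""
    return [alert for alert in map(match_line, lines) if alert]

# Constructed sample input.
SAMPLE = [
    "Mar  3 10:15:02 host1 kernel: [ 8123.101010] usb 1-2: new high-speed USB device number 7 using xhci_hcd",
    "Mar  3 10:15:02 host1 kernel: [ 8123.250000] usb-storage 1-2:1.0: USB Mass Storage device detected",
    "Mar  3 10:15:40 host1 alice: usb 1-2: new high-speed USB device number 9 using xhci_hcd",
    "Mar  3 10:21:17 host1 kernel: [ 8498.000000] usb 1-2: USB disconnect, device number 7",
    "Mar  3 10:22:00 host1 sshd[911]: Accepted publickey for bob from 192.0.2.10 port 50000 ssh2",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Pairing a connect alert with the later disconnect alert on the same port and device number gives the length of time the device was attached.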