Re: Unix Critical File Accessed Detected alert

sv7 · ‎11-21-2023

We have observed more count for Unix Critical File Accessed Detected alert from the user “root” on the Host XYZ-FMC-SECONDARY. And also we observed multiple File names which is containing /etc, due to that alert is triggering.

Can anyone help me how to resolve this.

Marvin Rhoads · ‎11-21-2023

What system is showing you this alert? Can you provide a sanitized screen shot?

sv7 · ‎11-22-2023

Please check attach excel file.

Marvin Rhoads · ‎11-22-2023

Attaching a random spreadsheet does not answer the question "What system is showing you this alert?"

sv7 · ‎11-22-2023

Its ALsec threat management tool that collects fmc logs

Unix Critical File Accessed Detected alert

Critical VLAN with SD-Access

Re: Dead Peer Detection

Secure the Private Access with File Inspection and File Type controls

%Error opening flash:running-backup (No such file or directory)

Copy Rommon files from switch to other one