APP CONTROL MONITORING-RELATED INCIDENTS
The script monitoring incidents are currently reported as “App Control Violation” incidents.
| SL NO | Event Type | Description |
|---|---|---|
| 1 | Access Control Violation | If a process is spawned on the configured host that violates the configured ACP rules under the section File-less Execution Rules > User Access Control, VSP generates an incident |
| 2 | Child Process Violation | If a child process is spawned on the configured host while the ACP is configured to "block" under Dynamic Execution Rule, VSP generates an incident |
| 3 | Command-line violation | If a command is executed on the configured host that violates the configured ACP rules under the section File-less Execution Rules > Command Line, VSP generates an incident |
| 4 | Parent Process Violation | If a process is spawned on the configured host that violates the configured ACP rules under the section File-less Execution Rules > Parent Process Control, VSP generates an incident |
| 5 | Process Disallowed Violation | If the process is not allowlisted and the option "Block Unless Allowlisted" is selected in the configured ACP, VSP generates an incident |
| 6 | Script Monitoring | If a process is spawned on the configured host while the ACP is configured not to allow the file extension under File-based execution Rule, VSP generates an incident |
Table – ACP Incident Types
While ACP violations (Fileless and Process Disallowed) are reported in the incident screen, they may not show a visual "warning" symbol in the Host Profile and Edit Allowlist screen.