Linux User Account Activity Delete User (via Splunk): audit (DEL_USER, plain)

info Nessus Network Monitor Plugin ID 710033

Synopsis

SIEM Pull Service has detected via Splunk query that, on this Linux system, a user account was deleted.

Description

SIEM Pull Service has detected via Splunk query that, on this Linux system, a user account was deleted. The query used was (sourcetype=linux_audit OR sourcetype=linux_secure) AND (op=delete-user OR "delet* user")

Solution

N/A

Plugin Details

Severity: Info

ID: 710033

Family: Policy

Published: 8/20/2004

Updated: 5/18/2018