Zabbix agents, when executing custom scripts as extensions, will trigger a lot of T1166_Seuid_and_Setgid rules. Since the Zabbix agent usually has a lot of various checks done by custom scripts, this should be excluded.
Adding
-F uid!=zabbix
to these rules should be enough (a correctly installed agent should have a zabbix user) to stop the rules from spamming.
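One way to apply the proposed exclusion across a rule file, as an added example that is not part of the original issue or the project's rules: the `exclude_uid` function and the sample rules below are constructed for illustration, and only the key name and the `-F uid!=zabbix` filter come from the issue. It inserts the filter before `-k` on every rule carrying the given key and leaves other rules, comments and already-patched rules unchanged.

```shell
#!/bin/sh
# Added example (hypothetical helper): reads audit rules on stdin and writes
# them to stdout with "-F uid!=USER" added to every rule tagged "-k KEY".
# usage: exclude_uid KEY USER < audit.rules
exclude_uid() {
    awk -v key="$1" -v cond="uid!=$2" '
    # Comments and blank lines pass through untouched.
    /^[[:space:]]*#/ || NF == 0 { print; next }
    {
        kpos = 0; present = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-k" && $(i + 1) == key) kpos = i      # rule has the key
            if ($i == "-F" && $(i + 1) == cond) present = 1  # filter already set
        }
        # Rules with another key, or already patched, are printed as they are.
        if (kpos == 0 || present) { print; next }
        out = ""
        for (i = 1; i <= NF; i++) {
            if (i == kpos) out = out "-F " cond " "          # insert before -k
            out = out $i (i < NF ? " " : "")
        }
        print out
    }'
}

# Constructed sample rules; these are not the contents of the project rule file.
SAMPLE_RULES='# constructed sample rules
-a always,exit -F arch=b64 -S setuid -S setgid -k T1166_Seuid_and_Setgid
-a always,exit -F arch=b64 -S chmod -F uid!=zabbix -k T1166_Seuid_and_Setgid
-w /etc/sudoers -p wa -k other_key'

# Print the patched rules for review before installing them.
printf '%s\n' "$SAMPLE_RULES" | exclude_uid T1166_Seuid_and_Setgid zabbix
```

Review the output before replacing the live rule file, since the exclusion also hides setuid and setgid activity by anything else that runs as the zabbix user.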
j91321 changed the title from "High triggering of T1166_Seuid_and_Setgid rules by Zabbix agent" to "T1166_Seuid_and_Setgid rules triggered by Zabbix agent" on Mar 5, 2020