Can anyone tell me what values (drop downs and fill in) to place in the SNARE Agent Objectives fields if I wish to monitor failed attempts to write to the /etc directory?
I was told from the objective screen to select from left to right:
Criticality 3 Orange
Events Read/Write a File/Directory
Next select "Change Configuration", "Apply Configuration"
After performing the following settings, general users who fail to write a test file to the /etc/ directory still do not reflect their failed attempts in the SNARE Display Recent events Windows.