FISMA – Alarm Rules

FISMA: Alarm on Compromise

Best practice

30 min

Single Event

FISMA: Alarm on Audit Log Write Failure

Indicates a system may be shutting down due to inability to audit

30 min

Single Event