Detects changes to sensitive and critical files. Monitors files on a Linux system that you don't expect to change without planning.
Detects specific commands commonly used to remove or empty the syslog.
Detects events in which a history file gets deleted, e.g. ~/.bash_history, to remove traces of malicious activity.
Identifies when a device or device configuration in Azure is modified or deleted.
Identifies when a DNS zone is modified or deleted.
Detects a system being shut down or put into a different boot mode.