This documentation does not apply to the most recent version of uberAgent.
Root CA certificate monitoring
The ESA Activity Monitoring rules for monitoring changes to root CA certificates are vendor rules provided by vast limits.
The rules detect certificate chain cloning and cloned root trust attacks by monitoring writes to user and machine registry keys. For details, check the following rules:
Detect AuthRoot, CA and Root certificate changes per machine
Detect AuthRoot, CA and Root certificate changes per user
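
The idea behind the two rules, as an added example (this is not uberAgent rule syntax and not the vendor's rule code): classify registry write paths as per-machine or per-user changes to the AuthRoot, CA and Root stores. The registry locations are the standard Windows certificate store paths and are an assumption about what the rules watch; the function names and all events are constructed.

```python
import re

# Certificate stores named by the two rules on this page.
STORES = ("AuthRoot", "CA", "Root")

# Standard Windows certificate store locations (assumption: the vendor rules
# may watch a different or larger set of paths).
_PATTERN = re.compile(
    r"^(?P<hive>HKLM|HKEY_LOCAL_MACHINE|HKCU|HKEY_CURRENT_USER|(?:HKU|HKEY_USERS)\\[^\\]+)"
    r"\\SOFTWARE\\(?:Policies\\)?Microsoft\\(?:SystemCertificates|EnterpriseCertificates)"
    r"\\(?P<store>[^\\]+)\\Certificates(?:\\(?P<thumb>[0-9A-F]{40}))?(?:\\.*)?$",
    re.IGNORECASE,
)

def classify(key_path):
    """Return scope/store/thumbprint for a write under a monitored store, else None."""
    m = _PATTERN.match(key_path.strip())
    if not m:
        return None  # not a certificate subkey, e.g. AuthRoot\AutoUpdate
    store = next((s for s in STORES if s.lower() == m["store"].lower()), None)
    if store is None:
        return None  # e.g. "My" or "Disallowed": not covered by these rules
    machine = m["hive"].upper() in ("HKLM", "HKEY_LOCAL_MACHINE")
    thumb = (m["thumb"] or "").upper() or None
    return {"scope": "machine" if machine else "user", "store": store, "thumbprint": thumb}

def detect(events):
    """Keep only registry write events that touch AuthRoot, CA or Root certificates."""
    findings = []
    for ev in events:
        hit = classify(ev["key"])
        if hit:
            findings.append({**hit, "process": ev["process"]})
    return findings

# Constructed registry write events (process names, SID and thumbprints are made up).
SAMPLE_EVENTS = [
    {"process": "certutil.exe", "key": r"HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0123456789ABCDEF0123456789ABCDEF01234567"},
    {"process": "example.exe", "key": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\SystemCertificates\Root\Certificates\89ABCDEF0123456789ABCDEF0123456789ABCDEF"},
    {"process": "mmc.exe", "key": r"HKCU\Software\Microsoft\SystemCertificates\My\Certificates\FEDCBA9876543210FEDCBA9876543210FEDCBA98"},
    {"process": "svchost.exe", "key": r"HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate"},
    {"process": "svchost.exe", "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates\00112233445566778899AABBCCDDEEFF00112233"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Per-user findings matter as much as per-machine ones here, because a write to a user's Root store does not require administrative rights.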