Account monitoring

If you wish to find out when a user account has been granted a new set of privileges then this can only be done via active monitoring of the accounts. This could be automated by using a security information and event management (SIEM) system that will create and alert you about changes to the system. You will not be alerted by user account review as there could be 6-12 months between the review—you may need to know immediately.

If you want to know immediately when there is a change to a user account such as it being given higher privileges then you need active account monitoring.

Get CompTIA Security+ Certification Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.