My reply definitely comes very late though your query reads very familiar to me. SAL alerts are not always carrying a realistic severity scoring. Often singular alerts are harmless, only when put in context with other events (not necessarily logged in the audit log!) a series of actions unfolds an exploit. PM me in case you require intelligence to be put into your audit logging...
Bluesky
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.