Alert Rule Categories

ObserveIT’s library of rule scenarios is grouped into security categories so that rules are easier to navigate, operate and maintain.

Each category applies to Windows, Mac, or Unix/Linux systems; some apply to all three.

In addition to the built-in categories, you can create new security categories. You can also unassign rules from categories, and reassign them.

The following table lists the alert rule categories with an indication of which operating systems each applies to. To see details about the rules in a category, click the relevant √ indication.

Data Exfiltration
Data Infiltration (Bringing in Troubles)
Hiding Information and Covering Tracks
Unauthorized Machine Access
Unauthorized Data Access
Bypassing Security Controls
Unacceptable Use
Careless Behavior
Creating Backdoor
Time Fraud
Unauthorized Activity on Servers
Running Malicious Software
Performing Unauthorized Admin Tasks
Copyright Infringement
Searching for Information
Using Unauthorized Communication Tools
Installing/Uninstalling Questionable Software
Unauthorized Active Directory Activity
Unauthorized DBA Activity
Shell Attack
Preparation for Attack
Unauthorized Shell Opening
IT Sabotage
Performing Privilege Elevation
Identity Theft
System Tampering
Messing with ObserveIT Components
GIT Suspicious Activity
Docker and Containers Suspicious Activity