New User

This alert occurs when the host running the Lacework agent sees a new user. A new user name generates this alert.

Why this Alert is Important

Users are created and given access to the data center by an administrator. Depending on the level of access assigned, an unauthorized new user may present a potential risk to the host and network.

Investigation

Contact the administrator and confirm the new user account.

Resolution

If the new user is determined to be unauthorized, disable the account. Perform local forensics, look for signs of lateral movement, and an alternative method of persistence. Take the necessary steps to restore the host to a known, clean state as necessary.

Why this Alert is Important​

Investigation​

Resolution​

Why this Alert is Important

Investigation

Resolution