centrify.rules

# Sagan centrify.rules
# Copyright (c) 2009-2023. Quadrant Information Security <www.quadrantsec.com>
# All rights reserved.
#
# Please submit any custom rules or ideas to sagan-submit@quadrantsec.com or the sagan-sigs mailing list
#
#*************************************************************
#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
#  following conditions are met:
#
#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
#    disclaimer.
#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
#    following disclaimer in the documentation and/or other materials provided with the distribution.
#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived
#    from this software without specific prior written permission.
#
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES,
#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#*************************************************************
#
# Rules by Casey Pennington (cpennington@quadrantsec.com)
# 2019/01/10

alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM authentication denied [Brute Force] [10/1]"; content: "centrifyEventID|3d|24101"; after: track by_src, count 10, seconds 300; threshold: type suppress, track by_src, count 1, seconds 300; xbits: set,brute_force,track ip_src, expire 21600; classtype: brute-force; program: adclient; sid: 5003977; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 3;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM open session denied [Brute Force] [10/1]"; content: "centrifyEventID|3d|24501"; after: track by_src, count 10, seconds 300; threshold: type suppress, track by_src, count 1, seconds 300; xbits: set,brute_force,track ip_src, expire 21600; classtype: brute-force; program: adclient; sid: 5003979; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 3;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[CENTRIFY] SSHD Denied [Brute Force] [10/1]"; content: "centrifyEventID|3d|27101"; nocase; parse_src_ip: 1; default_proto: tcp; default_dst_port: $SSH_PORT; after: track by_src, count 10, seconds 300; threshold: type suppress, track by_src, count 1, seconds 300; xbits: set,brute_force,track ip_src, expire 21600; classtype: brute-force; program: adclient; sid: 5004300; rev:3;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[CENTRIFY] Failed Publickey [Brute Force] [10/1]"; content: "centrifyEventID|3d|27101"; nocase; content: "reason|3d|AUTH|5f|FAIL|5f|PUBKEY"; nocase; parse_src_ip: 1; default_proto: tcp; default_dst_port: $SSH_PORT; after: track by_src, count 10, seconds 300; threshold: type suppress, track by_src, count 1, seconds 300; xbits: set,brute_force,track ip_src, expire 21600; classtype: brute-force; program: adclient; sid:  5004301; rev:2;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[CENTRIFY] Invalid or Invalidated user [Brute Force] [10/1]"; content: "centrifyEventID|3d|27101"; nocase; content: "reason|3d|INVALID|5f|USER"; nocase; parse_src_ip: 1; default_proto: tcp; default_dst_port: $SSH_PORT; after: track by_src, count 10, seconds 300; threshold: type suppress, track by_src, count 1, seconds 300; xbits: set,brute_force,track ip_src, expire 21600; classtype: brute-force; program: adclient; sid:  5004302; rev:3;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[CENTRIFY] Gssapi/Kerberos Authentication Failure [Brute Force] [10/1]"; content: "reason|3d|AUTH|5f|FAIL|5f|GSSAPI"; nocase; content: "centrifyEventID|3d|27101"; nocase; parse_src_ip: 1; default_proto: tcp; default_dst_port: $SSH_PORT; after: track by_src, count 10, seconds 300; threshold: type suppress, track by_src, count 1, seconds 300; xbits: set,brute_force,track ip_src, expire 21600; classtype: brute-force; program: adclient; sid:  5004303; rev:3;)

alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[CENTRIFY] Successful dzdo to user ROOT executed"; content: "USER=root"; content: "COMMAND="; classtype: successful-admin; program: dzdo; sid:  5004304; rev:1;)


#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Create new installation succeeded  "; content: "centrifyEventID=12201"; classtype: system-event; program: *adclient*; sid: 5003991; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Create new installation failed"; content: "centrifyEventID=12202"; classtype: system-event; program: *adclient*; sid: 5003992; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Installation update succeeded"; content: "centrifyEventID=12203"; classtype: system-event; program: *adclient*; sid: 5003993; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Installation update failed"; content: "centrifyEventID=12204"; classtype: system-event; program: *adclient*; sid: 5003994; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Installation permissions update succeeded"; content: "centrifyEventID=12205"; classtype: system-event; program: *adclient*; sid: 5003995; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Installation permissions update failed"; content: "centrifyEventID=12206"; classtype: system-event; program: *adclient*; sid: 5003996; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Remove installation succeeded"; content: "centrifyEventID=12207"; classtype: system-event; program: *adclient*; sid: 5003997; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Remove installation failed"; content: "centrifyEventID=12208"; classtype: system-event; program: *adclient*; sid: 5003998; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit options updated"; content: "centrifyEventID=12251"; classtype: system-event; program: *adclient*; sid: 5003999; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add Management Database succeeded"; content: "centrifyEventID=12209"; classtype: system-event; program: *adclient*; sid: 5004000; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add Management Database failed"; content: "centrifyEventID=12210"; classtype: system-event; program: *adclient*; sid: 5004001; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Management Database update"; content: "centrifyEventID=12211"; classtype: system-event; program: *adclient*; sid: 5004002; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Management Database update"; content: "centrifyEventID=12212"; classtype: system-event; program: *adclient*; sid: 5004003; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Management Database succeeded"; content: "centrifyEventID=12213"; classtype: system-event; program: *adclient*; sid: 5004004; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Management Database failed"; content: "centrifyEventID=12214"; classtype: system-event; program: *adclient*; sid: 5004005; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Remove Management Database succeeded"; content: "centrifyEventID=12215"; classtype: system-event; program: *adclient*; sid: 5004006; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Remove Management Database failed"; content: "centrifyEventID=12216"; classtype: system-event; program: *adclient*; sid: 5004007; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add Audit Store succeeded"; content: "centrifyEventID=12217"; classtype: system-event; program: *adclient*; sid: 5004008; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add Audit Store failed"; content: "centrifyEventID=12218"; classtype: system-event; program: *adclient*; sid: 5004009; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit Store update succeeded   "; content: "centrifyEventID=12219"; classtype: system-event; program: *adclient*; sid: 5004010; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit Store update failed"; content: "centrifyEventID=12220"; classtype: system-event; program: *adclient*; sid: 5004011; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit Store permissions update succeeded"; content: "centrifyEventID=12221"; classtype: system-event; program: *adclient*; sid: 5004012; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit Store permissions update failed"; content: "centrifyEventID=12222"; classtype: system-event; program: *adclient*; sid: 5004013; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Remove Audit Store succeeded"; content: "centrifyEventID=12223"; classtype: system-event; program: *adclient*; sid: 5004014; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Remove Audit Store failed"; content: "centrifyEventID=12224"; classtype: system-event; program: *adclient*; sid: 5004015; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add Audit Store Database succeeded"; content: "centrifyEventID=12225"; classtype: system-event; program: *adclient*; sid: 5004016; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add Audit Store Database failed"; content: "centrifyEventID=12226"; classtype: system-event; program: *adclient*; sid: 5004017; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Attach Audit Store Database succeeded"; content: "centrifyEventID=12227"; classtype: system-event; program: *adclient*; sid: 5004018; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Attach Audit Store Database failed"; content: "centrifyEventID=12228"; classtype: system-event; program: *adclient*; sid: 5004019; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Attach DirectAudit Version 1 succeeded"; content: "centrifyEventID=12229"; classtype: system-event; program: *adclient*; sid: 5004020; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Attach DirectAudit Version 1 failed"; content: "centrifyEventID=12230"; classtype: system-event; program: *adclient*; sid: 5004021; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Set Active Audit Store succeeded"; content: "centrifyEventID=12231"; classtype: system-event; program: *adclient*; sid: 5004022; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Set Active Audit Store failed"; content: "centrifyEventID=12232"; classtype: system-event; program: *adclient*; sid: 5004023; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit Store Database update succeeded"; content: "centrifyEventID=12233"; classtype: system-event; program: *adclient*; sid: 5004024; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit Store Database update failed"; content: "centrifyEventID=12234"; classtype: system-event; program: *adclient*; sid: 5004025; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Detach Audit Store Database succeeded"; content: "centrifyEventID=12235"; classtype: system-event; program: *adclient*; sid: 5004026; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Detach Audit Store Database failed"; content: "centrifyEventID=12236"; classtype: system-event; program: *adclient*; sid: 5004027; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete Audit Store Database succeeded"; content: "centrifyEventID=12237"; classtype: system-event; program: *adclient*; sid: 5004028; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete Audit Store Database failed"; content: "centrifyEventID=12238"; classtype: system-event; program: *adclient*; sid: 5004029; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add Audit Role succeeded"; content: "centrifyEventID=12239"; classtype: system-event; program: *adclient*; sid: 5004030; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add Audit Role failed"; content: "centrifyEventID=12240"; classtype: system-event; program: *adclient*; sid: 5004031; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit Role update succeeded"; content: "centrifyEventID=12241"; classtype: system-event; program: *adclient*; sid: 5004032; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit Role update failed"; content: "centrifyEventID=12242"; classtype: system-event; program: *adclient*; sid: 5004033; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit Role permissions update succeeded"; content: "centrifyEventID=12243"; classtype: system-event; program: *adclient*; sid: 5004034; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit Role permissions update failed"; content: "centrifyEventID=12244"; classtype: system-event; program: *adclient*; sid: 5004035; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit Role assign member succeeded"; content: "centrifyEventID=12245"; classtype: system-event; program: *adclient*; sid: 5004036; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit Role assign member failed"; content: "centrifyEventID=12246"; classtype: system-event; program: *adclient*; sid: 5004037; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit Role remove member succeeded"; content: "centrifyEventID=12247"; classtype: system-event; program: *adclient*; sid: 5004038; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audit Role remove member failed"; content: "centrifyEventID=12248"; classtype: system-event; program: *adclient*; sid: 5004039; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete Audit Role succeeded"; content: "centrifyEventID=12249"; classtype: system-event; program: *adclient*; sid: 5004040; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete Audit Role failed"; content: "centrifyEventID=12250"; classtype: system-event; program: *adclient*; sid: 5004041; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Start collector service succeeded"; content: "centrifyEventID=42251"; classtype: system-event; program: *adclient*; sid: 5004042; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Start collector service failed"; content: "centrifyEventID=42252"; classtype: system-event; program: *adclient*; sid: 5004043; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Stop collector service succeeded"; content: "centrifyEventID=42253"; classtype: system-event; program: *adclient*; sid: 5004044; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Stop collector service failed"; content: "centrifyEventID=42254"; classtype: system-event; program: *adclient*; sid: 5004045; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Collector settings update succeeded"; content: "centrifyEventID=42255"; classtype: system-event; program: *adclient*; sid: 5004046; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Collector settings update failed"; content: "centrifyEventID=42256"; classtype: system-event; program: *adclient*; sid: 5004047; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Start agent service succeeded"; content: "centrifyEventID=42257"; classtype: system-event; program: *adclient*; sid: 5004048; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Start agent service failed"; content: "centrifyEventID=42258"; classtype: system-event; program: *adclient*; sid: 5004049; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Stop agent service succeeded"; content: "centrifyEventID=42259"; classtype: system-event; program: *adclient*; sid: 5004050; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Stop agent service failed"; content: "centrifyEventID=42260"; classtype: system-event; program: *adclient*; sid: 5004051; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Agent settings update succeeded"; content: "centrifyEventID=42261"; classtype: system-event; program: *adclient*; sid: 5004052; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Agent settings update failed"; content: "centrifyEventID=42262"; classtype: system-event; program: *adclient*; sid: 5004053; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete session"; content: "centrifyEventID=3001"; classtype: system-event; program: *adclient*; sid: 5004054; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete session by criteria"; content: "centrifyEventID=3002"; classtype: system-event; program: *adclient*; sid: 5004055; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Set session reviewers succeeded"; content: "centrifyEventID=3003"; classtype: system-event; program: *adclient*; sid: 5004056; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Set session reviewers failed"; content: "centrifyEventID=3004"; classtype: system-event; program: *adclient*; sid: 5004057; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Remove session reviewers succeeded"; content: "centrifyEventID=3005"; classtype: system-event; program: *adclient*; sid: 5004058; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Remove session reviewers failed"; content: "centrifyEventID=3006"; classtype: system-event; program: *adclient*; sid: 5004059; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Console login success"; content: "centrifyEventID=6001"; classtype: system-event; program: *adclient*; sid: 5004060; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Console login failure    "; content: "centrifyEventID=6002"; classtype: system-event; program: *adclient*; sid: 5004061; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Remote login success"; content: "centrifyEventID=6003"; classtype: system-event; program: *adclient*; sid: 5004062; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Remote login failure    "; content: "centrifyEventID=6004"; classtype: system-event; program: *adclient*; sid: 5004063; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Run with privilege success"; content: "centrifyEventID=6005"; classtype: system-event; program: *adclient*; sid: 5004064; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Run with privilege failure"; content: "centrifyEventID=6006"; classtype: system-event; program: *adclient*; sid: 5004065; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Create desktop success"; content: "centrifyEventID=6007"; classtype: system-event; program: *adclient*; sid: 5004066; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Create desktop failure"; content: "centrifyEventID=6008"; classtype: system-event; program: *adclient*; sid: 5004067; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Network access success"; content: "centrifyEventID=6009"; classtype: system-event; program: *adclient*; sid: 5004068; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Console logon failure"; content: "centrifyEventID=6010"; classtype: system-event; program: *adclient*; sid: 5004069; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Remote login failure"; content: "centrifyEventID=6011"; classtype: system-event; program: *adclient*; sid: 5004070; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Run with privilege success"; content: "centrifyEventID=6012"; classtype: system-event; program: *adclient*; sid: 5004071; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Run with privilege failure"; content: "centrifyEventID=6013"; classtype: system-event; program: *adclient*; sid: 5004072; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Create desktop success"; content: "centrifyEventID=6014"; classtype: system-event; program: *adclient*; sid: 5004073; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Create desktop failure"; content: "centrifyEventID=6015"; classtype: system-event; program: *adclient*; sid: 5004074; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Switch desktop success"; content: "centrifyEventID=6016"; classtype: system-event; program: *adclient*; sid: 5004075; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Switch desktop failure"; content: "centrifyEventID=6017"; classtype: system-event; program: *adclient*; sid: 5004076; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Run with privilege failure"; content: "centrifyEventID=6018"; classtype: system-event; program: *adclient*; sid: 5004077; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Create desktop failure"; content: "centrifyEventID=6019"; classtype: system-event; program: *adclient*; sid: 5004078; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Switch desktop failure"; content: "centrifyEventID=6020"; classtype: system-event; program: *adclient*; sid: 5004079; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Join to zone success"; content: "centrifyEventID=6021"; classtype: system-event; program: *adclient*; sid: 5004080; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Join to zone failure"; content: "centrifyEventID=6022"; classtype: system-event; program: *adclient*; sid: 5004081; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Leave from zone success"; content: "centrifyEventID=6023"; classtype: system-event; program: *adclient*; sid: 5004082; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Leave from zone failure"; content: "centrifyEventID=6024"; classtype: system-event; program: *adclient*; sid: 5004083; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add role success"; content: "centrifyEventID=6025"; classtype: system-event; program: *adclient*; sid: 5004084; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add role failure"; content: "centrifyEventID=6026"; classtype: system-event; program: *adclient*; sid: 5004085; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add role assignment success"; content: "centrifyEventID=6027"; classtype: system-event; program: *adclient*; sid: 5004086; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add role assignment failure"; content: "centrifyEventID=6028"; classtype: system-event; program: *adclient*; sid: 5004087; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] login success"; content: "centrifyEventID=9001"; classtype: system-event; program: *adclient*; sid: 5004088; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Zone administrative tasks delegated"; content: "centrifyEventID=36101"; classtype: system-event; program: *adclient*; sid: 5004089; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delegation of zone administrative tasks failed "; content: "centrifyEventID=36102"; classtype: system-event; program: *adclient*; sid: 5004090; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Computer administrative tasks delegated"; content: "centrifyEventID=36103"; classtype: system-event; program: *adclient*; sid: 5004091; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delegation of computer administrative tasks failed"; content: "centrifyEventID=36104"; classtype: system-event; program: *adclient*; sid: 5004092; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Computer role administrative tasks delegated"; content: "centrifyEventID=36105"; classtype: system-event; program: *adclient*; sid: 5004093; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delegation of computer role administrative tasks failed"; content: "centrifyEventID=36106"; classtype: system-event; program: *adclient*; sid: 5004094; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Zone created"; content: "centrifyEventID=36201"; classtype: system-event; program: *adclient*; sid: 5004095; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Zone creation failed"; content: "centrifyEventID=36202"; classtype: system-event; program: *adclient*; sid: 5004096; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Zone deleted"; content: "centrifyEventID=36203"; classtype: system-event; program: *adclient*; sid: 5004097; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Zone deletion failed"; content: "centrifyEventID=36204"; classtype: system-event; program: *adclient*; sid: 5004098; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Zone modified"; content: "centrifyEventID=36205"; classtype: system-event; program: *adclient*; sid: 5004099; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Zone update failed"; content: "centrifyEventID=36206"; classtype: system-event; program: *adclient*; sid: 5004100; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] User added to a zone"; content: "centrifyEventID=36301"; classtype: system-event; program: *adclient*; sid: 5004101; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add user to a zone failed"; content: "centrifyEventID=36302"; classtype: system-event; program: *adclient*; sid: 5004102; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] User deleted from a zone"; content: "centrifyEventID=36303"; classtype: system-event; program: *adclient*; sid: 5004103; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete user from a zone failed"; content: "centrifyEventID=36304"; classtype: system-event; program: *adclient*; sid: 5004104; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] User profile modified in a zone"; content: "centrifyEventID=36305"; classtype: system-event; program: *adclient*; sid: 5004105; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify user in a zone failed"; content: "centrifyEventID=36306"; classtype: system-event; program: *adclient*; sid: 5004106; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] User added to a computer"; content: "centrifyEventID=36307"; classtype: system-event; program: *adclient*; sid: 5004107; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add user to a computer failed"; content: "centrifyEventID=36308"; classtype: system-event; program: *adclient*; sid: 5004108; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] User deleted from computer"; content: "centrifyEventID=36309"; classtype: system-event; program: *adclient*; sid: 5004109; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete user from a computer failed"; content: "centrifyEventID=36310"; classtype: system-event; program: *adclient*; sid: 5004110; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] User profile modified on a computer"; content: "centrifyEventID=36311"; classtype: system-event; program: *adclient*; sid: 5004111; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify user on a computer failed"; content: "centrifyEventID=36312"; classtype: system-event; program: *adclient*; sid: 5004112; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Group added to a zone"; content: "centrifyEventID=36401"; classtype: system-event; program: *adclient*; sid: 5004113; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add group to a zone failed"; content: "centrifyEventID=36402"; classtype: system-event; program: *adclient*; sid: 5004114; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Group deleted from a zone"; content: "centrifyEventID=36403"; classtype: system-event; program: *adclient*; sid: 5004115; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete group from a zone failed"; content: "centrifyEventID=36404"; classtype: system-event; program: *adclient*; sid: 5004116; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Group profile modified in a zone"; content: "centrifyEventID=36405"; classtype: system-event; program: *adclient*; sid: 5004117; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify group in a zone failed"; content: "centrifyEventID=36406"; classtype: system-event; program: *adclient*; sid: 5004118; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Group added to a computer"; content: "centrifyEventID=36407"; classtype: system-event; program: *adclient*; sid: 5004119; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add group to a computer failed"; content: "centrifyEventID=36408"; classtype: system-event; program: *adclient*; sid: 5004120; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Group deleted from a computer"; content: "centrifyEventID=36409"; classtype: system-event; program: *adclient*; sid: 5004121; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete group from a computer failed"; content: "centrifyEventID=36410"; classtype: system-event; program: *adclient*; sid: 5004122; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Group profile modified on a computer"; content: "centrifyEventID=36411"; classtype: system-event; program: *adclient*; sid: 5004123; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify group for a computer failed"; content: "centrifyEventID=36412"; classtype: system-event; program: *adclient*; sid: 5004124; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Computer added"; content: "centrifyEventID=36501"; classtype: system-event; program: *adclient*; sid: 5004125; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add computer failed"; content: "centrifyEventID=36502"; classtype: system-event; program: *adclient*; sid: 5004126; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Computer deleted"; content: "centrifyEventID=36503"; classtype: system-event; program: *adclient*; sid: 5004127; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete computer failed"; content: "centrifyEventID=36504"; classtype: system-event; program: *adclient*; sid: 5004128; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Computer modified"; content: "centrifyEventID=36505"; classtype: system-event; program: *adclient*; sid: 5004129; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify computer failed"; content: "centrifyEventID=36506"; classtype: system-event; program: *adclient*; sid: 5004130; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM access right added"; content: "centrifyEventID=36601"; classtype: system-event; program: *adclient*; sid: 5004131; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add PAM right failed"; content: "centrifyEventID=36602"; classtype: system-event; program: *adclient*; sid: 5004132; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM right deleted"; content: "centrifyEventID=36603"; classtype: system-event; program: *adclient*; sid: 5004133; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete PAM right failed"; content: "centrifyEventID=36604"; classtype: system-event; program: *adclient*; sid: 5004134; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM right modified"; content: "centrifyEventID=36605"; classtype: system-event; program: *adclient*; sid: 5004135; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify PAM right failed"; content: "centrifyEventID=36606"; classtype: system-event; program: *adclient*; sid: 5004136; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Desktop right added"; content: "centrifyEventID=37201"; classtype: system-event; program: *adclient*; sid: 5004137; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add Desktop Right failed"; content: "centrifyEventID=37202"; classtype: system-event; program: *adclient*; sid: 5004138; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Desktop right deleted"; content: "centrifyEventID=37203"; classtype: system-event; program: *adclient*; sid: 5004139; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete desktop right failed"; content: "centrifyEventID=37204"; classtype: system-event; program: *adclient*; sid: 5004140; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] desktop right modified"; content: "centrifyEventID=37205"; classtype: system-event; program: *adclient*; sid: 5004141; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify desktop right failed"; content: "centrifyEventID=37206"; classtype: system-event; program: *adclient*; sid: 5004142; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Network right added"; content: "centrifyEventID=37301"; classtype: system-event; program: *adclient*; sid: 5004143; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add network right failed"; content: "centrifyEventID=37302"; classtype: system-event; program: *adclient*; sid: 5004144; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] network right deleted"; content: "centrifyEventID=37303"; classtype: system-event; program: *adclient*; sid: 5004145; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete network right failed"; content: "centrifyEventID=37304"; classtype: system-event; program: *adclient*; sid: 5004146; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Network right modified"; content: "centrifyEventID=37305"; classtype: system-event; program: *adclient*; sid: 5004147; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify network right failed"; content: "centrifyEventID=37306"; classtype: system-event; program: *adclient*; sid: 5004148; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Application right added"; content: "centrifyEventID=37401"; classtype: system-event; program: *adclient*; sid: 5004149; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add application right failed"; content: "centrifyEventID=37402"; classtype: system-event; program: *adclient*; sid: 5004150; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Application right deleted"; content: "centrifyEventID=37403"; classtype: system-event; program: *adclient*; sid: 5004151; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete application right failed"; content: "centrifyEventID=37404"; classtype: system-event; program: *adclient*; sid: 5004152; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Application right modified"; content: "centrifyEventID=37405"; classtype: system-event; program: *adclient*; sid: 5004153; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify application right failed"; content: "centrifyEventID=37406"; classtype: system-event; program: *adclient*; sid: 5004154; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] UNIX command right added"; content: "centrifyEventID=36701"; classtype: system-event; program: *adclient*; sid: 5004155; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add command right failed"; content: "centrifyEventID=36702"; classtype: system-event; program: *adclient*; sid: 5004156; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] UNIX command right deleted"; content: "centrifyEventID=36703"; classtype: system-event; program: *adclient*; sid: 5004157; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete command right failed"; content: "centrifyEventID=36704"; classtype: system-event; program: *adclient*; sid: 5004158; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] UNIX command right modified"; content: "centrifyEventID=36705"; classtype: system-event; program: *adclient*; sid: 5004159; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify command right failed"; content: "centrifyEventID=36706"; classtype: system-event; program: *adclient*; sid: 5004160; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Role added"; content: "centrifyEventID=36801"; classtype: system-event; program: *adclient*; sid: 5004161; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add role failed"; content: "centrifyEventID=36802"; classtype: system-event; program: *adclient*; sid: 5004162; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Role deleted"; content: "centrifyEventID=36803"; classtype: system-event; program: *adclient*; sid: 5004163; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete role failed"; content: "centrifyEventID=36804"; classtype: system-event; program: *adclient*; sid: 5004164; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Role modified"; content: "centrifyEventID=36805"; classtype: system-event; program: *adclient*; sid: 5004165; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify role failed"; content: "centrifyEventID=36806"; classtype: system-event; program: *adclient*; sid: 5004166; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add right to role was successful"; content: "centrifyEventID=36807"; classtype: system-event; program: *adclient*; sid: 5004167; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add right to role failed  "; content: "centrifyEventID=36808"; classtype: system-event; program: *adclient*; sid: 5004168; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete right from role was successful"; content: "centrifyEventID=36809"; classtype: system-event; program: *adclient*; sid: 5004169; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete right from role failed"; content: "centrifyEventID=36810"; classtype: system-event; program: *adclient*; sid: 5004170; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Role assignment added"; content: "centrifyEventID=36901"; classtype: system-event; program: *adclient*; sid: 5004171; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Role assignment failed"; content: "centrifyEventID=36902"; classtype: system-event; program: *adclient*; sid: 5004172; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Role assignment removed"; content: "centrifyEventID=36903"; classtype: system-event; program: *adclient*; sid: 5004173; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete role assignment failed"; content: "centrifyEventID=36904"; classtype: system-event; program: *adclient*; sid: 5004174; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Role assignment modified"; content: "centrifyEventID=36905"; classtype: system-event; program: *adclient*; sid: 5004175; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify role assignment failed"; content: "centrifyEventID=36906"; classtype: system-event; program: *adclient*; sid: 5004176; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Role assignment added to a computer"; content: "centrifyEventID=36907"; classtype: system-event; program: *adclient*; sid: 5004177; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add role assignment to computer failed"; content: "centrifyEventID=36908"; classtype: system-event; program: *adclient*; sid: 5004178; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Role assignment deleted from a computer"; content: "centrifyEventID=36909"; classtype: system-event; program: *adclient*; sid: 5004179; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete role assignment from computer failed"; content: "centrifyEventID=36910"; classtype: system-event; program: *adclient*; sid: 5004180; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Role assignment modified for a computer"; content: "centrifyEventID=36911"; classtype: system-event; program: *adclient*; sid: 5004181; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify role assignment for a computer failed"; content: "centrifyEventID=36912"; classtype: system-event; program: *adclient*; sid: 5004182; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Role assignment added to a computer role"; content: "centrifyEventID=36913"; classtype: system-event; program: *adclient*; sid: 5004183; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Role assignment for a computer role failed"; content: "centrifyEventID=36914"; classtype: system-event; program: *adclient*; sid: 5004184; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Role assignment deleted from a computer role"; content: "centrifyEventID=36915"; classtype: system-event; program: *adclient*; sid: 5004185; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete role assignment from a computer role failed"; content: "centrifyEventID=36916"; classtype: system-event; program: *adclient*; sid: 5004186; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Role assignment modified for a computer role"; content: "centrifyEventID=36917"; classtype: system-event; program: *adclient*; sid: 5004187; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify role assignment in a computer role failed"; content: "centrifyEventID=36918"; classtype: system-event; program: *adclient*; sid: 5004188; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Computer role added"; content: "centrifyEventID=37001"; classtype: system-event; program: *adclient*; sid: 5004189; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add computer role failed"; content: "centrifyEventID=37002"; classtype: system-event; program: *adclient*; sid: 5004190; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Computer role deleted"; content: "centrifyEventID=37003"; classtype: system-event; program: *adclient*; sid: 5004191; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete computer role failed"; content: "centrifyEventID=37004"; classtype: system-event; program: *adclient*; sid: 5004192; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Computer role modified"; content: "centrifyEventID=37005"; classtype: system-event; program: *adclient*; sid: 5004193; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify computer role failed"; content: "centrifyEventID=37006"; classtype: system-event; program: *adclient*; sid: 5004194; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] User added to a group"; content: "centrifyEventID=37101"; classtype: system-event; program: *adclient*; sid: 5004195; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add user to a group failed"; content: "centrifyEventID=37102"; classtype: system-event; program: *adclient*; sid: 5004196; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Password reset"; content: "centrifyEventID=37103"; classtype: system-event; program: *adclient*; sid: 5004197; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Reset password failed"; content: "centrifyEventID=37104"; classtype: system-event; program: *adclient*; sid: 5004198; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local user added to a zone"; content: "centrifyEventID=37501"; classtype: system-event; program: *adclient*; sid: 5004199; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add local user to a zone failed"; content: "centrifyEventID=37502"; classtype: system-event; program: *adclient*; sid: 5004200; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local user deleted from a zone"; content: "centrifyEventID=37503"; classtype: system-event; program: *adclient*; sid: 5004201; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete local user from a zone failed"; content: "centrifyEventID=37504"; classtype: system-event; program: *adclient*; sid: 5004202; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local user profile modified in a zone"; content: "centrifyEventID=37505"; classtype: system-event; program: *adclient*; sid: 5004203; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify local user in a zone failed"; content: "centrifyEventID=37506"; classtype: system-event; program: *adclient*; sid: 5004204; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local user added to a computer"; content: "centrifyEventID=37511"; classtype: system-event; program: *adclient*; sid: 5004205; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add local user to a computer failed"; content: "centrifyEventID=37512"; classtype: system-event; program: *adclient*; sid: 5004206; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local user deleted from computer"; content: "centrifyEventID=37513"; classtype: system-event; program: *adclient*; sid: 5004207; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete local user from a computer failed"; content: "centrifyEventID=37514"; classtype: system-event; program: *adclient*; sid: 5004208; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local user profile modified on a computer"; content: "centrifyEventID=37515"; classtype: system-event; program: *adclient*; sid: 5004209; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify local user on a computer failed"; content: "centrifyEventID=37516"; classtype: system-event; program: *adclient*; sid: 5004210; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local group added to a zone"; content: "centrifyEventID=37521"; classtype: system-event; program: *adclient*; sid: 5004211; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add local group to a zone failed"; content: "centrifyEventID=37522"; classtype: system-event; program: *adclient*; sid: 5004212; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local group deleted from a zone"; content: "centrifyEventID=37523"; classtype: system-event; program: *adclient*; sid: 5004213; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete local group from a zone failed"; content: "centrifyEventID=37524"; classtype: system-event; program: *adclient*; sid: 5004214; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local group profile modified in a zone"; content: "centrifyEventID=37525"; classtype: system-event; program: *adclient*; sid: 5004215; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify local group in a zone failed"; content: "centrifyEventID=37526"; classtype: system-event; program: *adclient*; sid: 5004216; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local group added to a computer"; content: "centrifyEventID=37531"; classtype: system-event; program: *adclient*; sid: 5004217; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Add local group to a computer failed"; content: "centrifyEventID=37532"; classtype: system-event; program: *adclient*; sid: 5004218; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local group deleted from a computer"; content: "centrifyEventID=37533"; classtype: system-event; program: *adclient*; sid: 5004219; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Delete local group from a computer failed"; content: "centrifyEventID=37534"; classtype: system-event; program: *adclient*; sid: 5004220; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local group profile modified on a computer"; content: "centrifyEventID=37535"; classtype: system-event; program: *adclient*; sid: 5004221; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Modify local group for a computer failed"; content: "centrifyEventID=37536"; classtype: system-event; program: *adclient*; sid: 5004222; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Centrify agent (adclient) started   "; content: "centrifyEventID=17000"; classtype: system-event; program: *adclient*; sid: 5004223; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Centrify agent (adclient) failed to start"; content: "centrifyEventID=17001"; classtype: system-event; program: *adclient*; sid: 5004224; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Centrify agent (adclient) stopped   "; content: "centrifyEventID=17002"; classtype: system-event; program: *adclient*; sid: 5004225; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Centrify agent (adclient) failed to stop"; content: "centrifyEventID=17003"; classtype: system-event; program: *adclient*; sid: 5004226; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] DirectAudit agent (dad) started   "; content: "centrifyEventID=45000"; classtype: system-event; program: *adclient*; sid: 5004227; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] DirectAudit agent (dad) failed to start"; content: "centrifyEventID=45001"; classtype: system-event; program: *adclient*; sid: 5004228; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] DirectAudit agent (dad) stopped   "; content: "centrifyEventID=45100"; classtype: system-event; program: *adclient*; sid: 5004229; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] DirectAudit agent (dad) failed to stop"; content: "centrifyEventID=45101"; classtype: system-event; program: *adclient*; sid: 5004230; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Auditing enabled"; content: "centrifyEventID=18000"; classtype: system-event; program: *adclient*; sid: 5004231; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Auditing not enabled"; content: "centrifyEventID=18001"; classtype: system-event; program: *adclient*; sid: 5004232; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Auditing disabled"; content: "centrifyEventID=18100"; classtype: system-event; program: *adclient*; sid: 5004233; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Auditing not disabled"; content: "centrifyEventID=18101"; classtype: system-event; program: *adclient*; sid: 5004234; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] The user login to the system successfully"; content: "centrifyEventID=18200"; classtype: system-event; program: *adclient*; sid: 5004235; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Joined domain"; content: "centrifyEventID=20100"; classtype: system-event; program: *adclient*; sid: 5004236; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Join failed"; content: "centrifyEventID=20101"; classtype: system-event; program: *adclient*; sid: 5004237; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Left domain"; content: "centrifyEventID=20200"; classtype: system-event; program: *adclient*; sid: 5004238; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Leaving domain failed"; content: "centrifyEventID=20201"; classtype: system-event; program: *adclient*; sid: 5004239; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Query as root was successful"; content: "centrifyEventID=20300"; classtype: system-event; program: *adclient*; sid: 5004240; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Query was successful"; content: "centrifyEventID=20301"; classtype: system-event; program: *adclient*; sid: 5004241; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Query request failed"; content: "centrifyEventID=20302"; classtype: system-event; program: *adclient*; sid: 5004242; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Password changed"; content: "centrifyEventID=20400"; classtype: system-event; program: *adclient*; sid: 5004243; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Password change failed"; content: "centrifyEventID=20401"; classtype: system-event; program: *adclient*; sid: 5004244; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Configuration settings (centrifydc.conf) reloaded"; content: "centrifyEventID=20500"; classtype: system-event; program: *adclient*; sid: 5004245; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Configuration settings (centrifydc.conf) failed to"; content: "centrifyEventID=20501"; classtype: system-event; program: *adclient*; sid: 5004246; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local cache flushed"; content: "centrifyEventID=20600"; classtype: system-event; program: *adclient*; sid: 5004247; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Cache flush failed"; content: "centrifyEventID=20601"; classtype: system-event; program: *adclient*; sid: 5004248; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Object refreshed"; content: "centrifyEventID=20650"; classtype: system-event; program: *adclient*; sid: 5004249; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Object refresh failed"; content: "centrifyEventID=20651"; classtype: system-event; program: *adclient*; sid: 5004250; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] License modes changed"; content: "centrifyEventID=20800"; classtype: system-event; program: *adclient*; sid: 5004251; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] License modes change failed"; content: "centrifyEventID=20801"; classtype: system-event; program: *adclient*; sid: 5004252; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Trusted path granted"; content: "centrifyEventID=23700"; classtype: system-event; program: *adclient*; sid: 5004253; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Trusted path denied"; content: "centrifyEventID=23701"; classtype: system-event; program: *adclient*; sid: 5004254; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM authentication granted"; content: "centrifyEventID=24100"; classtype: system-event; program: *adclient*; sid: 5004255; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM authentication denied"; content: "centrifyEventID=24101"; classtype: system-event; program: *adclient*; sid: 5004256; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM set credentials granted"; content: "centrifyEventID=24200"; classtype: system-event; program: *adclient*; sid: 5004257; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM set credentials denied"; content: "centrifyEventID=24201"; classtype: system-event; program: *adclient*; sid: 5004258; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM account management granted"; content: "centrifyEventID=24300"; classtype: system-event; program: *adclient*; sid: 5004259; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM account management denied"; content: "centrifyEventID=24301"; classtype: system-event; program: *adclient*; sid: 5004260; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM change password granted"; content: "centrifyEventID=24400"; classtype: system-event; program: *adclient*; sid: 5004261; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM change password denied"; content: "centrifyEventID=24401"; classtype: system-event; program: *adclient*; sid: 5004262; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM open session granted"; content: "centrifyEventID=24500"; classtype: system-event; program: *adclient*; sid: 5004263; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM open session denied"; content: "centrifyEventID=24501"; classtype: system-event; program: *adclient*; sid: 5004264; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM close session granted"; content: "centrifyEventID=24600"; classtype: system-event; program: *adclient*; sid: 5004265; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] PAM close session denied"; content: "centrifyEventID=24601"; classtype: system-event; program: *adclient*; sid: 5004266; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] DZ SSH right granted"; content: "centrifyEventID=27000"; classtype: system-event; program: *adclient*; sid: 5004267; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] DZ SSH right denied"; content: "centrifyEventID=27001"; classtype: system-event; program: *adclient*; sid: 5004268; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] SSHD granted"; content: "centrifyEventID=27100"; classtype: system-event; program: *adclient*; sid: 5004269; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] SSHD denied"; content: "centrifyEventID=27101"; classtype: system-event; program: *adclient*; sid: 5004270; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] SSHD connection close successfully"; content: "centrifyEventID=27102"; classtype: system-event; program: *adclient*; sid: 5004271; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] dzdo granted"; content: "centrifyEventID=30000"; classtype: system-event; program: *adclient*; sid: 5004272; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] dzdo denied"; content: "centrifyEventID=30001"; classtype: system-event; program: *adclient*; sid: 5004273; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Trouble ticket entered ticket: ticket  "; content: "centrifyEventID=30002"; classtype: system-event; program: *adclient*; sid: 5004274; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] dzsh command execution granted"; content: "centrifyEventID=33000"; classtype: system-event; program: *adclient*; sid: 5004275; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] dzsh command execution denied"; content: "centrifyEventID=33001"; classtype: system-event; program: *adclient*; sid: 5004276; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] dzsh role change granted"; content: "centrifyEventID=34000"; classtype: system-event; program: *adclient*; sid: 5004277; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] dzsh role change denied"; content: "centrifyEventID=34001"; classtype: system-event; program: *adclient*; sid: 5004278; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Dzinfo successful"; content: "centrifyEventID=42000"; classtype: system-event; program: *adclient*; sid: 5004279; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Dzinfo failed"; content: "centrifyEventID=42001"; classtype: system-event; program: *adclient*; sid: 5004280; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audited command is executed"; content: "centrifyEventID=48100"; classtype: system-event; program: *adclient*; sid: 5004281; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Audited command fails to be executed"; content: "centrifyEventID=48101"; classtype: system-event; program: *adclient*; sid: 5004282; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Adding enabled local user to local passwd"; content: "centrifyEventID=51100"; classtype: system-event; program: *adclient*; sid: 5004283; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Adding disabled local user to local passwd"; content: "centrifyEventID=51200"; classtype: system-event; program: *adclient*; sid: 5004284; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Removing local user from local passwd file"; content: "centrifyEventID=51300"; classtype: system-event; program: *adclient*; sid: 5004285; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local user is marked as disabled"; content: "centrifyEventID=51400"; classtype: system-event; program: *adclient*; sid: 5004286; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local user is marked as enabled"; content: "centrifyEventID=51500"; classtype: system-event; program: *adclient*; sid: 5004287; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local passwd file update failed"; content: "centrifyEventID=51101"; classtype: system-event; program: *adclient*; sid: 5004288; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Invoking notification cli succeeded"; content: "centrifyEventID=51600"; classtype: system-event; program: *adclient*; sid: 5004289; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Invoking notification cli failed"; content: "centrifyEventID=51601"; classtype: system-event; program: *adclient*; sid: 5004290; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Adding enabled local group to local group"; content: "centrifyEventID=52000"; classtype: system-event; program: *adclient*; sid: 5004291; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Removing local group from local group file"; content: "centrifyEventID=52100"; classtype: system-event; program: *adclient*; sid: 5004292; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Local group file update failed"; content: "centrifyEventID=52001"; classtype: system-event; program: *adclient*; sid: 5004293; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Managing local accounts succeeded"; content: "centrifyEventID=53000"; classtype: system-event; program: *adclient*; sid: 5004294; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] Managing local accounts failed"; content: "centrifyEventID=53001"; classtype: system-event; program: *adclient*; sid: 5004295; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] MFA challenge succeeded"; content: "centrifyEventID=54100"; classtype: system-event; program: *adclient*; sid: 5004296; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] MFA challenge failed"; content: "centrifyEventID=54101"; classtype: system-event; program: *adclient*; sid: 5004297; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] MFA challenge succeeded"; content: "centrifyEventID=54200"; classtype: system-event; program: *adclient*; sid: 5004298; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)
#alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[CENTRIFY] MFA challenge failed"; content: "centrifyEventID=54201"; classtype: system-event; program: *adclient*; sid: 5004299; reference:url,docs.centrify.com/en/css/2018-html/index.html#page/server-suite%2FCentrify_Documentation_Roadmap_v5.html; rev: 1;)