configuration-modify
August 11, 2025 · View on GitHub
Description
The global configuration of an application or a program was modified
Parameters
| Parameter | Value |
|---|---|
| Subject | configuration |
| Activity | modify |
| Activity Type | configuration-modify |
| Pretty Name | Configuration Modify |
Legacy Names
| Success | Fail |
|---|---|
| config-change | config-change |
Fields
The possible fields for this activity type will vary depending on whether the activity was a success or a fail.
configuration-modify:success
| Field | Core | Detection | Informational |
|---|---|---|---|
| event_locality | ✓ | ||
| cid | ✓ |
configuration-modify:fail
| Field | Core | Detection | Informational |
|---|---|---|---|
| failure_code | ✓ | ||
| failure_reason | ✓ | ||
| cid | ✓ |