Bug Security Watcher error

woody · Dec 18, 2021

I have set up two Security Watcher actions. User Information > Email Address and User Information > Password. Both are set to "email administrator" when triggered.

Instead of triggering on the Email Address or the Password, both instead trigger on Secondary Group IDs.

Code:

DragonByte Security has detected a security alert regarding User Information
[LIST]
[*][Dec 18, 2021 at 7:16 AM] Changed User Field: secondary_group_ids - Value Change: user id: 194296 (username123) - [137] -> [137,141] - IP Address: 11.2.333.444
[/LIST]
The actions you have configured in the Security Center have been taken.

That value changed, but shouldn't be triggering the Watcher alert. I received TWO identical emails per the above code.

Fillip H. · Dec 20, 2021

I believe I've identified an issue with the "User Information" watcher type that didn't correctly limit watcher triggers by the field defined in the rule. I'll test this more and release an update in the coming days.

woody · Jan 26, 2022

"the coming days"....more than a month....

DragonByte Technologies · Jan 27, 2022

Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future release (4.6.0).

Change log:

Fix: Fix an issue where the User Information watcher wasn't correctly limiting to the field described in the Watcher Rules

Bug Security Watcher error

woody

Fillip H.

woody

DragonByte Technologies

Company Information

Similar threads

DragonByte Security

We value your privacy