| legitimate aaa configuration modifications may occur during normal administrative activities such as implementing new security policies, adjusting lockout thresholds or troubleshooting authentication issues. these events should be verified and investigated. consider filtering modifications performed by known administrative accounts where necessary. | |
LoFP
/
T1556.004