command execution on a virtual machine may be done by a system or network administrator. verify whether the username, hostname, and/or resource name should be making changes in your environment. command execution from unfamiliar users or hosts should be investigated. if known behavior is causing false positives, it can be exempted from the rule. | |