performing-log-source-onboarding-in-siem

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs installing and configuring collection agents and editing system-level config files (e.g., /etc/rsyslog.d, Splunk forwarder inputs) and network/service settings which require administrative/sudo access and therefore change the host state.