Skip to main content
Skip table of contents

Lists

Administrator permissions are required to access this feature.

Lists can be used to store, gather, and upload information into the Axon client. For example, lists of terminated users, threatening IP addresses, and banned applications can be stored using the Lists feature.

View Lists

To access and view the contents of a list in Axon:

  1. In the lower-left corner of the main screen, click the Administration cog icon.
    The Administration menu appears on the left side.
  2. Under Integrations, click Lists.
    The Lists table appears and shows the following information for each list:

    ColumnDescription
    List NameThe name of the list with a link to its details page.
    Data TypeDisplays the type(s) of data contained within the list (for example, IP or INTEGER).
    AuthorThe author of the list.
    Last UpdatedThe date and time when the list was last modified.
    Date CreatedThe date and time when the list was created.
    EntriesThe number of entries included in the list.

    For information on filtering columns in the table, see Filters.

List Overview

To see more information about a single list, from the Lists page:

  1. Select the name of the list from the List Name column.
    The list opens to the List Items tab, which displays each item in the list.
  2. Select the Overview tab to see more details of the list. The following fields appear on the Overview tab:
FieldDescription
List NameThe name of the list with a link to its details page.
DescriptionDisplays an optional description of the list.
Number of Items in ListDisplays the number of rows in the list.
Configuration DetailsThis section displays information about each column included within the list.
ColumnDisplays the name of each column
Data TypeDisplays the type(s) of data contained within each column of the list (for example, IP or INTEGER).
ID

Displays a unique GUID for each list column.

This GUID can be copied and used in searches. For more information on using list GUIDs in search, see the List Search section of Build a Search Query.

CopyClick to copy the list and column GUID, which are needed to construct list searches as described above.
Last UpdatedThe date and time when the list was last modified.
Date CreatedThe date and time when the list was created.
AuthorThe author of the list.

LogRhythm System Lists

LogRhythm publishes lists to customer tenants that can be referenced in analytics rules and search criteria. System lists are published without any list items so that you can populate them with values that apply to your organization. Follow the Edit Lists workflow to populate a system list with values.

To identify system lists in the Lists grid, reference the Author column. Any list that reflects ‘logrhythm’ in the Author column is a system list that was created by LogRhythm and published to your tenant.

Inventory of LogRhythm System Lists

LogRhythm System List Name

List Description

Referenced By

MA:Cloud Accounts

Cloud accounts are created and configured by an organization to be used by users, remote support, and services.

They are also used in the administration of resources within a cloud service provider or SaaS application.

For more information, see MITRE ATT&CK technique T1078.004.

Analytics Rule T1078.004:Cloud Accounts

For more information, refer to the T1078.004:Cloud Accounts section of the Axon MITRE ATT&CK Streaming Analytics User Guide.

MA:Third Party AccountsThird Party Accounts are created and configured by an organization to allow external providers access to corporate resources. For more information, see MITRE ATT&CK technique T1199.

Analytics Rule T1199:Trusted Relationship

For more information, refer to the T1199:Trusted Relationship section of the Axon MITRE ATT&CK Streaming Analytics User Guide.

MA:Default AccountsDefault Accounts are default accounts that are typically included with operating systems, network appliances, cloud infrastructure, etc. For more information, see MITRE ATT&CK technique T1078.001.

Analytics Rule T1078.001:Default Accounts

For more information, refer to the T1078.001:Default Accounts section of the Axon MITRE ATT&CK Streaming Analytics User Guide.

Safelisted RegionsSafelisted Regions are global regions with known network traffic. For more information, see MITRE ATT&CK technique T1621.

Analytics Rule T1621:MFA Request Generation:Okta Push from Non-Safelisted Location

For more information, refer to the T1078.001:Default Accounts section of the Axon MITRE ATT&CK Streaming Analytics User Guide.

MA:Local AccountsLocal Accounts are accounts created and configured by an organization to be used in certain circumstances. For more information, see MITRE ATT&CK technique T1078.003.

Analytics Rule T1078.003:Local Accounts

For more information, refer to the T1078.001:Default Accounts section of the Axon MITRE ATT&CK Streaming Analytics User Guide.

PCI - Cardholder Data Systems

Information Systems that store, process, or transmit cardholder data or sensitive authentication data. For more information, see PCI DSS Compliance Bundle.

Linked Searches:

PCI - Authentication Failures

PCI - Cardholder Data Environment Access

PCI - Cardholder Data Environment Activity

PCI - Common Event Health

For more information, refer to the Searches section of the PCI DSS User Guide.

PCI - Physical Security Systems

Systems that control access to facilities, equipment, and resources such as badge readers and door access. For more information, see PCI DSS Compliance Bundle.

Linked Searches:

PCI - Physical Security Activity

PCI - Common Event Health

For more information, refer to the Searches section of the PCI DSS User Guide.

PCI - Network Security Systems

Systems that protect network security such as firewalls, intrusion detection/prevention, malware detection/prevention, network access control, remote access, virtual private network, and vulnerability scanning. For more information, see PCI DSS Compliance Bundle.

Linked Searches:

PCI - Firewall Configuration Changes

PCI - Firewall Activity

PCI - Anti-Malware Audit Activity

PCI - Network Security Control Access

PCI - Common Event Health

For more information, refer to the Searches section of the PCI DSS User Guide.

PCI - Privileged Users

Accounts that have elevated or increased privileges granted in order for that account to manage systems, networks and/or applications. For more information, see PCI DSS Compliance Bundle.

Linked Searches:

PCI - Privileged Account Activity

PCI - Privileged Account Modification

For more information, refer to the Searches section of the PCI DSS User Guide.

PCI - Third-Party Users

Third Party Accounts are created and configured by an organization to allow external providers access to corporate resources. For more information, see PCI DSS Compliance Bundle.

Linked Searches:

PCI - Third-Party Activity

For more information, refer to the Searches section of the PCI DSS User Guide.

PCI - Shared Accounts

Shared accounts can be accessed by multiple individuals to accomplish a single shared function, such as supporting the functionality of a process, system, device or application. These accounts should only be used on a limited, exception basis. For more information, see PCI DSS Compliance Bundle.

Linked Searches:

PCI - Shared Account Activity

For more information, refer to the Searches section of the PCI DSS User Guide.

PCI - System & Service Accounts

System and Service accounts are non-human privileged account usually located within operating systems and used to run applications or services. For more information, see PCI DSS Compliance Bundle.

Linked Searches:

PCI - System and Service Account Activity

For more information, refer to the Searches section of the PCI DSS User Guide.

ISO 27001 - In-Scope Data Systems

Information Systems that are in-scope within your ISO 27001 environment. For more information, see ISO 27001 Compliance Bundle.

Linked Searches:

ISO 27001 - Authentication Failures

ISO 27001 - In-Scope Environment Access

ISO 27001 - In-Scope Environment Activity

ISO 27001 - Common Event Health

For more information, refer to the Searches section of the ISO 27001 User Guide.

ISO 27001 - Physical Security Systems

Systems that control access to facilities, equipment, and resources such as badge readers and door access. For more information, see ISO 27001 Compliance Bundle.

Linked Searches:

ISO 27001 - Physical Security Activity

ISO 27001 - Common Event Health

For more information, refer to the Searches section of the ISO 27001 User Guide.

ISO 27001 - Network Security Systems

Systems that protect network security such as firewalls, intrusion detection/prevention, malware detection/prevention, network access control, remote access, virtual private network, and vulnerability scanning. For more information, see ISO 27001 Compliance Bundle.

Linked Searches:

ISO 27001 - Firewall Configuration Changes

ISO 27001 - Firewall Activity

ISO 27001 - Anti-Malware Audit Activity

ISO 27001 - Network Security Control Access

ISO 27001 - Common Event Health

For more information, refer to the Searches section of the ISO 27001 User Guide.

ISO 27001 - Privileged Users

Accounts that have elevated or increased privileges granted in order for that account to manage systems, networks and/or applications. For more information, see ISO 27001 Compliance Bundle.

Linked Searches:

ISO 27001 - Privileged Account Activity

ISO 27001 - Privileged Account Modification

For more information, refer to the Searches section of the ISO 27001 User Guide.

ISO 27001 - Third-Party Users

Third Party Accounts are created and configured by an organization to allow external providers access to corporate resources. For more information, see ISO 27001 Compliance Bundle.

Linked Searches:

ISO 27001 - Third-Party Activity

For more information, refer to the Searches section of the ISO 27001 User Guide.

ISO 27001 - Shared Accounts

Shared accounts can be accessed by multiple individuals to accomplish a single shared function, such as supporting the functionality of a process, system, device or application. These accounts should only be used on a limited, exception basis. For more information, see ISO 27001 Compliance Bundle.

Linked Searches:

ISO 27001 - Shared Account Activity

For more information, refer to the Searches section of the ISO 27001 User Guide.

ISO 27001 - System & Service Accounts

System and Service accounts are non-human privileged account usually located within operating systems and used to run applications or services. For more information, see ISO 27001 Compliance Bundle.

Linked Searches:

ISO 27001 - System and Service Account Activity

For more information, refer to the Searches section of the ISO 27001 User Guide.

NIST 800-53 - In-Scope Data Systems

Information Systems that are in-scope within your NIST 800-53 environment. For more information, see NIST 800-53 Compliance Bundle.

Linked Searches:

NIST 800-53 - Authentication Failures

NIST 800-53 - In-Scope Data Environment Access

NIST 800-53 - In-Scope Data Environment Activity

NIST 800-53 - Common Event Health

For more information, refer to the Searches section of the NIST 800-53 User Guide.

NIST 800-53 - Physical Security Systems

Systems that control access to facilities, equipment, and resources such as badge readers and door access. For more information, see NIST 800-53 Compliance Bundle.

Linked Searches:

NIST 800-53 - Physical Security Activity

NIST 800-53 - Common Event Health

For more information, refer to the Searches section of the NIST 800-53 User Guide.

NIST 800-53 - Network Security Systems

Systems that protect network security such as firewalls, intrusion detection/prevention, malware detection/prevention, network access control, remote access, virtual private network, and vulnerability scanning. For more information, see NIST 800-53 Compliance Bundle.

Linked Searches:

NIST 800-53 - Firewall Configuration Changes

NIST 800-53 - Firewall Activity

NIST 800-53 - Anti-Malware Audit Activity

NIST 800-53 - Network Security Control Access

NIST 800-53 - Common Event Health

For more information, refer to the Searches section of the NIST 800-53 User Guide.

NIST 800-53 - Privileged Users

Accounts that have elevated or increased privileges granted in order for that account to manage systems, networks and/or applications. For more information, see NIST 800-53 Compliance Bundle.

Linked Searches:

NIST 800-53 - Privileged Account Activity

NIST 800-53 - Privileged Account Modification

For more information, refer to the Searches section of the NIST 800-53 User Guide.

NIST 800-53 - Third-Party Users

Third Party Accounts are created and configured by an organization to allow external providers access to corporate resources. For more information, see NIST 800-53 Compliance Bundle.

Linked Searches:

NIST 800-53 - Third-Party Activity

For more information, refer to the Searches section of the NIST 800-53 User Guide.

NIST 800-53 - Shared Accounts

Shared accounts can be accessed by multiple individuals to accomplish a single shared function, such as supporting the functionality of a process, system, device or application. These accounts should only be used on a limited, exception basis. For more information, see NIST 800-53 Compliance Bundle.

Linked Searches:

NIST 800-53 - Shared Account Activity

For more information, refer to the Searches section of the NIST 800-53 User Guide.

NIST 800-53 - System & Service Accounts

System and Service accounts are non-human privileged account usually located within operating systems and used to run applications or services. For more information, see NIST 800-53 Compliance Bundle.

Linked Searches:

NIST 800-53 - System and Service Account Activity

For more information, refer to the Searches section of the NIST 800-53 User Guide.

NIST CSF - In-Scope Data SystemsInformation Systems that are in-scope within your NIST CSF environment. For more information, see NIST CSF Compliance Bundle.

Linked Searches:

NIST CSF - Authentication Failures

NIST CSF - In-Scope Data Environment Access

NIST CSF - In-Scope Data Environment Activity

NIST CSF - Common Event Health

For more information, refer to the Searches section of the NIST CSF User Guide.

NIST CSF - Physical Security SystemsSystems that control access to facilities, equipment, and resources such as badge readers and door access. For more information, see NIST CSF Compliance Bundle.

Linked Searches:

NIST CSF - Physical Security Activity

NIST CSF - Common Event Health

For more information, refer to the Searches section of the NIST CSF User Guide.

NIST CSF - Network Security SystemsSystems that protect network security such as firewalls, intrusion detection/prevention, malware detection/prevention, network access control, remote access, virtual private network, and vulnerability scanning. For more information, see NIST CSF Compliance Bundle.

Linked Searches:

NIST CSF - Firewall Configuration Changes

NIST CSF - Firewall Activity

NIST CSF - Anti-Malware Audit Activity

NIST CSF - Network Security Control Access

NIST CSF - Common Event Health

For more information, refer to the Searches section of the NIST CSF User Guide.

NIST CSF - Privileged UsersAccounts that have elevated or increased privileges granted in order for that account to manage systems, networks and/or applications. For more information, see NIST CSF Compliance Bundle.

Linked Searches:

NIST CSF - Privileged Account Activity

NIST CSF - Privileged Account Modification

For more information, refer to the Searches section of the NIST CSF User Guide.

NIST CSF - Third-Party UsersThird Party Accounts are created and configured by an organization to allow external providers access to corporate resources. For more information, see NIST CSF Compliance Bundle.

Linked Searches:

NIST CSF - Third-Party Activity

For more information, refer to the Searches section of the NIST CSF User Guide.

NIST CSF - Shared AccountsShared accounts can be accessed by multiple individuals to accomplish a single shared function, such as supporting the functionality of a process, system, device or application. These accounts should only be used on a limited, exception basis. For more information, see NIST CSF Compliance Bundle.

Linked Searches:

NIST CSF - Shared Account Activity

For more information, refer to the Searches section of the NIST CSF User Guide.

NIST CSF - System & Service AccountsSystem and Service accounts are non-human privileged account usually located within operating systems and used to run applications or services. For more information, see NIST CSF Compliance Bundle.

Linked Searches:

NIST CSF - System and Service Account Activity

For more information, refer to the Searches section of the NIST CSF User Guide.

NIST 800-171 - In-Scope Data SystemsInformation Systems that are in-scope within your NIST 800-171 environment. For more information, see NIST 800-171 Compliance Bundle.

Linked Searches:


NIST 800-171 - Authentication Failures

NIST 800-171 - In-Scope Data Environment Access

NIST 800-171 - In-Scope Data Environment Activity

NIST 800-171 - Common Event Health


For more information, refer to the Searches section of the NIST 800-171 User Guide.

NIST 800-171 - Physical Security SystemsSystems that control access to facilities, equipment, and resources such as badge readers and door access. For more information, see NIST 800-171 Compliance Bundle.

Linked Searches:

NIST 800-171 - Physical Security Activity

NIST 800-171 - Common Event Health

For more information, refer to the Searches section of the NIST 800-171 User Guide.

NIST 800-171 - Network Security SystemsSystems that protect network security such as firewalls, intrusion detection/prevention, malware detection/prevention, network access control, remote access, virtual private network, and vulnerability scanning. For more information, see NIST 800-171 Compliance Bundle.

Linked Searches:

NIST 800-171 - Firewall Configuration Changes

NIST 800-171 - Firewall Activity

NIST 800-171 - Anti-Malware Audit Activity

NIST 800-171 - Network Security Control Access

NIST 800-171 - Common Event Health

For more information, refer to the Searches section of the NIST 800-171 User Guide.

NIST 800-171 - Privileged UsersAccounts that have elevated or increased privileges granted in order for that account to manage systems, networks and/or applications. For more information, see NIST 800-171 Compliance Bundle.

Linked Searches:

NIST 800-171 - Privileged Account Activity

NIST 800-171 - Privileged Account Modification

For more information, refer to the Searches section of the NIST 800-171 User Guide.

NIST 800-171 - Third-Party UsersThird Party Accounts are created and configured by an organization to allow external providers access to corporate resources. For more information, see NIST 800-171 Compliance Bundle.

Linked Searches:

NIST 800-171 - Third-Party Activity

For more information, refer to the Searches section of the NIST 800-171 User Guide.

NIST 800-171 - Shared AccountsShared accounts can be accessed by multiple individuals to accomplish a single shared function, such as supporting the functionality of a process, system, device or application. These accounts should only be used on a limited, exception basis. For more information, see NIST 800-171 Compliance Bundle.

Linked Searches:

NIST 800-171 - Shared Account Activity

For more information, refer to the Searches section of the NIST 800-171 User Guide.

NIST 800-171 - System & Service AccountsSystem and Service accounts are non-human privileged account usually located within operating systems and used to run applications or services. For more information, see NIST 800-171 Compliance Bundle.

Linked Searches:

NIST 800-171 - System and Service Account Activity

For more information, refer to the Searches section of the NIST 800-171 User Guide.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.