|
Control Name
|
Rules
|
AIE Alerts
|
Investigations
|
Summary Reports
|
Detailed Reports
|
|
1526
|
CCF: Misuse
CCF: Social Media Event
CCF: Corroborated Account Anomalies
CCF: Disabled Account Auth Success
CCF: External Brute Force Auths
CCF: Local Account Created and Used
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Account Enabled
CCF: Account Disabled
CCF: Account Deleted
CCF: Account Modification
CCF Excessive Authentication Failure
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: Data Loss Prevention
CCF: Backup Information
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Corroborated Data Access Anomalies
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Abnormal Origin Location
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Distributed Brute Force
|
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: FIM Delete Activity Alarm
CCF: PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Compromises Detected Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Denial Of Service Alarm
|
CCF: User Misuse Inv
CCF: Social Media Inv
CCF: Unknown User Account Inv
CCF: Privileged Account Modification Inv
CCF: Account Enabled Inv
CCF: Account Disabled Inv
CCF: Account Deleted Inv
CCF: Account Modified Inv
CCF Excessive Authentication Failure Inv
CCF: Password Modification Inv
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: GeoIP Inv
CCF: Backup Activity Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Time Sync Error Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Applications Accessed By User Inv
CCF: Critical Environment Error Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Compromises Detected Inv
CCF: Host Access Granted And Revoked Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Privileged Account Escalation Inv
CCF: Malware Detected Inv
CCF: Physical Access Inv
CCF: Vulnerability Detected Inv
CCF: Denial Of Service Inv
|
CCF: User Misuse Summary
CCF: Social Media Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Account Enabled Summary
CCF: Account Disabled Summary
CCF: Account Deleted Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: GeoIP Summary
CCF: Backup Activity Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Signature Activity Summary
CCF: Audit Log Summary
CCF: Applications Accessed By User Summary
CCF: Critical Environment Error Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Malware Detected Summary
CCF: Physical Access Summary
CCF: Vulnerability Detected Summary
|
CCF: Unknown User Account Detail
CCF: Host Access Granted And Revoked Detail
|
|
0120
|
CCF: Misuse
CCF: Social Media Event
CCF: Corroborated Account Anomalies
CCF: Disabled Account Auth Success
CCF: External Brute Force Auths
CCF: Local Account Created and Used
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Account Enabled
CCF: Account Disabled
CCF: Account Deleted
CCF: Account Modification
CCF Excessive Authentication Failure
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: Data Loss Prevention
CCF: Backup Information
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Corroborated Data Access Anomalies
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Abnormal Origin Location
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Distributed Brute Force
CCF: Excessive Authentication Failure
|
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: FIM Delete Activity Alarm
CCF: PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Compromises Detected Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Denial Of Service Alarm
|
CCF: User Misuse Inv
CCF: Social Media Inv
CCF: Unknown User Account Inv
CCF: Privileged Account Modification Inv
CCF: Account Enabled Inv
CCF: Account Disabled Inv
CCF: Account Deleted Inv
CCF: Account Modified Inv
CCF Excessive Authentication Failure Inv
CCF: Password Modification Inv
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: GeoIP Inv
CCF: Backup Activity Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Time Sync Error Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Applications Accessed By User Inv
CCF: Critical Environment Error Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Compromises Detected Inv
CCF: Host Access Granted And Revoked Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Privileged Account Escalation Inv
CCF: Malware Detected Inv
CCF: Physical Access Inv
CCF: Vulnerability Detected Inv
CCF: Denial Of Service Inv
|
CCF: User Misuse Summary
CCF: Social Media Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Account Enabled Summary
CCF: Account Disabled Summary
CCF: Account Deleted Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: GeoIP Summary
CCF: Backup Activity Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Signature Activity Summary
CCF: Audit Log Summary
CCF: Applications Accessed By User Summary
CCF: Critical Environment Error Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Malware Detected Summary
CCF: Physical Access Summary
CCF: Vulnerability Detected Summary
|
CCF: Unknown User Account Detail
CCF: Host Access Granted And Revoked Detail
|
|
0125
|
|
|
|
|
|
|
0133
|
CCF: Corroborated Data Access Anomalies
CCF: Excessive Authentication Failure
CCF: Account Modification
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: FIM Abnormal Activity
CCF: FIM General Activity
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
|
CCF: FIM Delete Activity Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
|
CCF: Applications Accessed By User Inv
CCF: Excessive Authentication Failure Inv
CCF: User Object Access Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Object Access Inv
CCF: Audit Log Inv
CCF: Critical Environment Error Inv
CCF: Time Sync Error Inv
|
CCF: Applications Accessed By User Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: User Object Access Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Object Access Summary
CCF: Audit Log Summary
CCF: Critical Environment Error Summary
CCF: Time Sync Error Summary
|
|
|
1213
|
CCF: Misuse
CCF: Social Media Event
CCF: Corroborated Account Anomalies
CCF: Disabled Account Auth Success
CCF: External Brute Force Auths
CCF: Local Account Created and Used
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Account Enabled
CCF: Account Disabled
CCF: Account Deleted
CCF: Account Modification
CCF Excessive Authentication Failure
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: Data Loss Prevention
CCF: Backup Information
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Corroborated Data Access Anomalies
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Abnormal Origin Location
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Distributed Brute Force
|
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: FIM Delete Activity Alarm
CCF: PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Compromises Detected Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Denial Of Service Alarm
|
CCF: User Misuse Inv
CCF: Social Media Inv
CCF: Unknown User Account Inv
CCF: Privileged Account Modification Inv
CCF: Account Enabled Inv
CCF: Account Disabled Inv
CCF: Account Deleted Inv
CCF: Account Modified Inv
CCF Excessive Authentication Failure Inv
CCF: Password Modification Inv
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: GeoIP Inv
CCF: Backup Activity Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Time Sync Error Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Applications Accessed By User Inv
CCF: Critical Environment Error Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Compromises Detected Inv
CCF: Host Access Granted And Revoked Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Privileged Account Escalation Inv
CCF: Malware Detected Inv
CCF: Physical Access Inv
CCF: Vulnerability Detected Inv
CCF: Denial Of Service Inv
|
CCF: User Misuse Summary
CCF: Social Media Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Account Enabled Summary
CCF: Account Disabled Summary
CCF: Account Deleted Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: GeoIP Summary
CCF: Backup Activity Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Signature Activity Summary
CCF: Audit Log Summary
CCF: Applications Accessed By User Summary
CCF: Critical Environment Error Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Malware Detected Summary
CCF: Physical Access Summary
CCF: Vulnerability Detected Summary
|
CCF: Unknown User Account Detail
CCF: Host Access Granted And Revoked Detail
|
|
0138
|
CCF: Config Modified
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Backup Information
|
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
CCF: FIM Delete Activity Alarm
CCF: Denial Of Service Alarm
CCF: Blacklisted Account Alarm
CCF: Backup Failure Alarm
|
CCF: Audit Log Inv
CCF: Time Sync Error Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Object Access Inv
CCF: Critical Environment Error Inv
CCF: Denial Of Service Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Backup Activity Inv
|
CCF: Audit Log Summary
CCF: Time Sync Error Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Object Access Summary
CCF: Critical Environment Error Summary
CCF: GeoIP Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: Backup Activity Summary
|
|
|
0123
|
CCF: Misuse
CCF: Social Media Event
CCF: Corroborated Account Anomalies
CCF: Disabled Account Auth Success
CCF: External Brute Force Auths
CCF: Local Account Created and Used
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Account Enabled
CCF: Account Disabled
CCF: Account Deleted
CCF: Account Modification
CCF Excessive Authentication Failure
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: Data Loss Prevention
CCF: Backup Information
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Corroborated Data Access Anomalies
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Abnormal Origin Location
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Distributed Brute Force
|
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: FIM Delete Activity Alarm
CCF: PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Compromises Detected Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Denial Of Service Alarm
|
CCF: User Misuse Inv
CCF: Social Media Inv
CCF: Unknown User Account Inv
CCF: Privileged Account Modification Inv
CCF: Account Enabled Inv
CCF: Account Disabled Inv
CCF: Account Deleted Inv
CCF: Account Modified Inv
CCF Excessive Authentication Failure Inv
CCF: Password Modification Inv
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: GeoIP Inv
CCF: Backup Activity Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Time Sync Error Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Applications Accessed By User Inv
CCF: Critical Environment Error Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Compromises Detected Inv
CCF: Host Access Granted And Revoked Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Privileged Account Escalation Inv
CCF: Malware Detected Inv
CCF: Physical Access Inv
CCF: Vulnerability Detected Inv
CCF: Denial Of Service Inv
|
CCF: User Misuse Summary
CCF: Social Media Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Account Enabled Summary
CCF: Account Disabled Summary
CCF: Account Deleted Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: GeoIP Summary
CCF: Backup Activity Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Signature Activity Summary
CCF: Audit Log Summary
CCF: Applications Accessed By User Summary
CCF: Critical Environment Error Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Malware Detected Summary
CCF: Physical Access Summary
CCF: Vulnerability Detected Summary
|
CCF: Unknown User Account Detail
CCF: Host Access Granted And Revoked Detail
|
|
1053
|
CCF: Excessive Authentication Failure
|
CCF: Priv Group Access Granted Alarm
|
CCF: Physical Access Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
|
CCF: Physical Access Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
|
|
|
1074
|
CCF: Excessive Authentication Failure
|
CCF: Priv Group Access Granted Alarm
|
CCF: Physical Access Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
|
CCF: Physical Access Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
|
|
|
0157
|
CCF: Abnormal Origin Location
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
|
CCF: Early TLS/SSL Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
|
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: GeoIP Inv
|
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: GeoIP Summary
|
|
|
1296
|
|
|
CCF: Physical Access Inv
|
CCF: Physical Access Summary
|
|
|
1503
|
CCF: Corroborated Data Access Anomalies
CCF: Excessive Authentication Failure
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Data Destruction
CCF: Data Exfiltration Observed
|
CCF: Unknown User Account Alarm
CCF: Blacklisted Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: FIM Delete Activity Alarm
CCF: LogRhythm Silent Log Source Error Alarm
|
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Password Modification Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Object Access Inv
|
CCF: Applications Accessed By User Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
CCF: GeoIP Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Object Access Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
0409
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
0411
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
0816
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1508
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
0445
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1509
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
CCF: Config Modified
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: Audit Log Inv
CCF: Time Sync Error Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
CCF: Audit Log Summary
CCF: Time Sync Error Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1175
|
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP Blacklisted Region Activity
CCF: Social Media Event
CCF: Corroborated Account Anomalies
CCF: Misuse
|
CCF: Blacklisted Account Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
|
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Excessive Authentication Failure Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Audit Log Inv
CCF: Time Sync Error Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Social Media Summary
CCF: User Misuse Summary
CCF: Audit Log Summary
CCF: Time Sync Error Summary
|
|
|
0446
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
0447
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
0448
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
0430
|
CCF: Corroborated Data Access Anomalies
CCF: Excessive Authentication Failure
CCF: Account Modification
CCF: Account Disabled
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
|
CCF: Unknown User Account Alarm
CCF: Blacklisted Account Alarm
|
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: User Object Access Inv
|
CCF: Applications Accessed By User Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: User Object Access Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1404
|
CCF: Corroborated Data Access Anomalies
CCF: Excessive Authentication Failure
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
|
CCF: Unknown User Account Alarm
CCF: Blacklisted Account Alarm
|
CCF: Host Access Granted And Revoked Inv
CCF: Applications Accessed By User Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: User Object Access Inv
|
CCF: Applications Accessed By User Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: User Misuse Summary
CCF: User Object Access Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
0407
|
CCF: Misuse
CCF: Social Media Event
CCF: Corroborated Account Anomalies
CCF: Disabled Account Auth Success
CCF: External Brute Force Auths
CCF: Local Account Created and Used
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Account Enabled
CCF: Account Disabled
CCF: Account Deleted
CCF: Account Modification
CCF Excessive Authentication Failure
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: Data Loss Prevention
CCF: Backup Information
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Corroborated Data Access Anomalies
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Abnormal Origin Location
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Distributed Brute Force
CCF: Excessive Authentication Failure
|
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: FIM Delete Activity Alarm
CCF: PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Compromises Detected Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Denial Of Service Alarm
|
CCF: User Misuse Inv
CCF: Social Media Inv
CCF: Unknown User Account Inv
CCF: Privileged Account Modification Inv
CCF: Account Enabled Inv
CCF: Account Disabled Inv
CCF: Account Deleted Inv
CCF: Account Modified Inv
CCF Excessive Authentication Failure Inv
CCF: Password Modification Inv
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: GeoIP Inv
CCF: Backup Activity Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Time Sync Error Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Applications Accessed By User Inv
CCF: Critical Environment Error Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Compromises Detected Inv
CCF: Host Access Granted And Revoked Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Privileged Account Escalation Inv
CCF: Malware Detected Inv
CCF: Physical Access Inv
CCF: Vulnerability Detected Inv
CCF: Denial Of Service Inv
|
CCF: User Misuse Summary
CCF: Social Media Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Account Enabled Summary
CCF: Account Disabled Summary
CCF: Account Deleted Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: GeoIP Summary
CCF: Backup Activity Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Signature Activity Summary
CCF: Audit Log Summary
CCF: Applications Accessed By User Summary
CCF: Critical Environment Error Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Malware Detected Summary
CCF: Physical Access Summary
CCF: Vulnerability Detected Summary
|
CCF: Unknown User Account Detail
CCF: Host Access Granted And Revoked Detail
|
|
0441
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
0443
|
CCF: Account Modification
CCF: Account Enabled
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Local Account Created and Used
CCF: Corroborated Data Access Anomalies
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
0078
|
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Enabled
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Enabled Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
0854
|
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Enabled
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Enabled Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
0553
|
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
|
CCF: Blacklisted Account Alarm
|
CCF: GeoIP Inv
|
CCF: GeoIP Summary
|
|
|
0555
|
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
|
CCF: Blacklisted Account Alarm
|
CCF: GeoIP Inv
|
CCF: GeoIP Summary
|
|
|
1019
|
|
|
|
|
|
|
0313
|
CCF: FIM Abnormal Activity
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Data Destruction
CCF: Data Exfiltration Observed
|
CCF: FIM Delete Activity Alarm
|
CCF: LogRhythm Data Loss Defender Log Inv
|
CCF: LogRhythm Data Loss Defender Log Summary
|
|
|
0311
|
CCF: FIM Abnormal Activity
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Data Destruction
CCF: Data Exfiltration Observed
|
CCF: FIM Delete Activity Alarm
|
CCF: LogRhythm Data Loss Defender Log Inv
|
CCF: LogRhythm Data Loss Defender Log Summary
|
|
|
0342
|
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Data Destruction
CCF: Data Exfiltration Observed
|
CCF: FIM Delete Activity Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Denial Of Service Alarm
CCF: Time Sync Error Alarm
|
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Object Access Inv
CCF: Audit Log Inv
CCF: Critical Environment Error Inv
CCF: Denial Of Service Inv
CCF: Time Sync Error Inv
CCF: User Object Access Inv
|
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Object Access Summary
CCF: Audit Log Summary
CCF: Critical Environment Error Summary
CCF: Time Sync Error Summary
CCF: User Object Access Summary
|
|
|
1069
|
CCF: FIM Abnormal Activity
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Data Destruction
CCF: Data Exfiltration Observed
|
CCF: FIM Delete Activity Alarm
|
CCF: LogRhythm Data Loss Defender Log Inv
|
CCF: LogRhythm Data Loss Defender Log Summary
|
|
|
1469
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
0414
|
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Same User
|
CCF: Blacklisted Account Alarm
|
CCF: GeoIP Inv
|
CCF: GeoIP Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1538
|
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
|
CCF: Blacklisted Account Alarm
|
CCF: GeoIP Inv
|
CCF: GeoIP Summary
|
|
|
0420
|
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
|
CCF: Blacklisted Account Alarm
|
CCF: GeoIP Inv
|
CCF: GeoIP Summary
|
|
|
0975
|
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
|
CCF: Blacklisted Account Alarm
|
CCF: GeoIP Inv
|
CCF: GeoIP Summary
|
|
|
0415
|
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
|
CCF: Blacklisted Account Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
|
CCF: GeoIP Inv
CCF: Audit Log Inv
CCF: Time Sync Error Inv
|
CCF: GeoIP Summary
CCF: Audit Log Summary
CCF: Time Sync Error Summary
|
|
|
1403
|
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
CCF: Auth After Numerous Failed Auths
CCF: Excessive Authentication Failure
CCF: Disabled Account Auth Success
CCF: External Brute Force Auths
|
CCF: Blacklisted Account Alarm
|
CCF: GeoIP Inv
|
CCF: GeoIP Summary
|
|
|
0431
|
CCF: Excessive Authentication Failure
CCF: Account Disabled
CCF: Account Enabled
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Auth After Numerous Failed Auths
CCF: Distributed Brute Force
|
|
CCF: Excessive Authentication Failure Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
|
CCF: Auth Failure Summary
CCF: Account Modified Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
|
|
|
1402
|
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Unknown User Account Alarm
CCF: FIM Delete Activity Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Non-Encrypted Protocol Alarm
|
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: User Object Access Inv
CCF: Unknown User Account Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Object Access Inv
CCF: Audit Log Inv
CCF: Time Sync Error Inv
CCF: Use Of Non-Encrypted Protocols Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Object Access Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Object Access Summary
CCF: Audit Log Summary
CCF: Time Sync Error Summary
CCF: Use Of Non-Encrypted Protocols Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1380
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1473
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1382
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1387
|
|
|
|
|
|
|
1144
|
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Critical Event After Attack
CCF: Distributed Brute Force
CCF: External Brute Force Auths
CCF: Abnormal Amount of Data Transferred
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Same User
CCF: Config Change After Attack
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
|
CCF: PRD Envir Config/Policy Change Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Compromises Detected Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Denial Of Service Alarm
CCF: Unknown User Account Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
|
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Signature Activity Inv
CCF: Compromises Detected Inv
CCF: Suspected Wireless Attack Inv
CCF: Denial Of Service Inv
CCF: Suspicious Users Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: GeoIP Inv
CCF: Unknown User Account Inv
|
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Compromises Detected Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Top Suspicious Users
|
CCF: Unknown User Account Detail
|
|
0940
|
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Critical Event After Attack
CCF: Distributed Brute Force
CCF: External Brute Force Auths
CCF: Abnormal Amount of Data Transferred
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Same User
CCF: Config Change After Attack
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
|
CCF: PRD Envir Config/Policy Change Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Compromises Detected Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Denial Of Service Alarm
CCF: Unknown User Account Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
|
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Signature Activity Inv
CCF: Compromises Detected Inv
CCF: Suspected Wireless Attack Inv
CCF: Denial Of Service Inv
CCF: Suspicious Users Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: GeoIP Inv
CCF: Unknown User Account Inv
|
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Compromises Detected Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Top Suspicious Users
|
CCF: Unknown User Account Detail
|
|
1472
|
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Critical Event After Attack
CCF: Distributed Brute Force
CCF: External Brute Force Auths
CCF: Abnormal Amount of Data Transferred
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Same User
CCF: Config Change After Attack
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
|
CCF: PRD Envir Config/Policy Change Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Compromises Detected Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Denial Of Service Alarm
CCF: Unknown User Account Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
|
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Signature Activity Inv
CCF: Compromises Detected Inv
CCF: Suspected Wireless Attack Inv
CCF: Denial Of Service Inv
CCF: Suspicious Users Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: GeoIP Inv
CCF: Unknown User Account Inv
|
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Compromises Detected Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Top Suspicious Users
|
CCF: Unknown User Account Detail
|
|
1494
|
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Critical Event After Attack
CCF: Distributed Brute Force
CCF: External Brute Force Auths
CCF: Abnormal Amount of Data Transferred
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Same User
CCF: Config Change After Attack
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
|
CCF: PRD Envir Config/Policy Change Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Compromises Detected Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Denial Of Service Alarm
CCF: Unknown User Account Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
|
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Signature Activity Inv
CCF: Compromises Detected Inv
CCF: Suspected Wireless Attack Inv
CCF: Denial Of Service Inv
CCF: Suspicious Users Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: GeoIP Inv
CCF: Unknown User Account Inv
|
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Compromises Detected Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Top Suspicious Users
|
CCF: Unknown User Account Detail
|
|
1495
|
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Critical Event After Attack
CCF: Distributed Brute Force
CCF: External Brute Force Auths
CCF: Abnormal Amount of Data Transferred
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Same User
CCF: Config Change After Attack
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
|
CCF: PRD Envir Config/Policy Change Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Compromises Detected Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Denial Of Service Alarm
CCF: Unknown User Account Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
|
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Signature Activity Inv
CCF: Compromises Detected Inv
CCF: Suspected Wireless Attack Inv
CCF: Denial Of Service Inv
CCF: Suspicious Users Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: GeoIP Inv
CCF: Unknown User Account Inv
|
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Compromises Detected Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Top Suspicious Users
|
CCF: Unknown User Account Detail
|
|
1496
|
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Critical Event After Attack
CCF: Distributed Brute Force
CCF: External Brute Force Auths
CCF: Abnormal Amount of Data Transferred
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Same User
CCF: Config Change After Attack
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
|
CCF: PRD Envir Config/Policy Change Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Compromises Detected Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Denial Of Service Alarm
CCF: Unknown User Account Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
|
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Signature Activity Inv
CCF: Compromises Detected Inv
CCF: Suspected Wireless Attack Inv
CCF: Denial Of Service Inv
CCF: Suspicious Users Inv
CCF: Malware Detected Inv
CCF: Vulnerability Detected Inv
CCF: GeoIP Inv
CCF: Unknown User Account Inv
|
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Compromises Detected Summary
CCF: Suspected Wireless Attack Summary
CCF: Malware Detected Summary
CCF: Vulnerability Detected Summary
CCF: Top Suspicious Users
|
CCF: Unknown User Account Detail
|
|
0300
|
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
|
CCF: PRD Envir Config/Policy Change Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
|
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Signature Activity Inv
|
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
|
|
|
0298
|
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
|
CCF: PRD Envir Config/Policy Change Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
|
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Signature Activity Inv
|
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
|
|
|
1497
|
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
|
CCF: PRD Envir Config/Policy Change Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
|
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Time Sync Error Inv
|
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Audit Log Summary
CCF: Time Sync Error Summary
|
|
|
1500
|
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
|
CCF: PRD Envir Config/Policy Change Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
|
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Time Sync Error Inv
|
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Audit Log Summary
CCF: Time Sync Error Summary
|
|
|
1211
|
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
|
CCF: PRD Envir Config/Policy Change Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
|
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Time Sync Error Inv
|
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Audit Log Summary
CCF: Time Sync Error Summary
|
|
|
0115
|
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
|
CCF: PRD Envir Config/Policy Change Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
|
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Signature Activity Inv
|
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
|
|
|
1510
|
CCF: Data Loss Prevention
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Corroborated Data Access Anomalies
CCF: Backup Information
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Critical Event After Attack
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
|
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
CCF: Denial Of Service Alert
CCF: FIM Delete Activity Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Denial Of Service Alarm
CCF: Blacklisted Account Alarm
|
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Backup Activity Inv
CCF: Time Sync Error Inv
CCF: Object Access Inv
CCF: Audit Log Inv
CCF: Critical Environment Error Inv
CCF: Denial Of Service Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
|
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Backup Activity Summary
CCF: Time Sync Error Summary
CCF: Object Access Summary
CCF: Audit Log Summary
CCF: Critical Environment Error Summary
CCF: GeoIP Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
|
|
|
1511
|
CCF: Data Loss Prevention
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Corroborated Data Access Anomalies
CCF: Backup Information
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Critical Event After Attack
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
|
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
CCF: Denial Of Service Alert
CCF: FIM Delete Activity Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Denial Of Service Alarm
CCF: Blacklisted Account Alarm
|
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Backup Activity Inv
CCF: Time Sync Error Inv
CCF: Object Access Inv
CCF: Audit Log Inv
CCF: Critical Environment Error Inv
CCF: Denial Of Service Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
|
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Backup Activity Summary
CCF: Time Sync Error Summary
CCF: Object Access Summary
CCF: Audit Log Summary
CCF: Critical Environment Error Summary
CCF: GeoIP Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
|
|
|
1514
|
CCF: Data Loss Prevention
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Corroborated Data Access Anomalies
CCF: Backup Information
|
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
CCF: Denial Of Service Alert
|
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Backup Activity Inv
CCF: Time Sync Error Inv
|
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Backup Activity Summary
CCF: Time Sync Error Summary
|
|
|
0580
|
CCF: Misuse
CCF: Social Media Event
CCF: Corroborated Account Anomalies
CCF: Disabled Account Auth Success
CCF: External Brute Force Auths
CCF: Local Account Created and Used
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Account Enabled
CCF: Account Disabled
CCF: Account Deleted
CCF: Account Modification
CCF Excessive Authentication Failure
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: Data Loss Prevention
CCF: Backup Information
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Corroborated Data Access Anomalies
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Abnormal Origin Location
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Distributed Brute Force
CCF: Excessive Authentication Failure
|
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: FIM Delete Activity Alarm
CCF: PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Compromises Detected Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Denial Of Service Alarm
|
CCF: User Misuse Inv
CCF: Social Media Inv
CCF: Unknown User Account Inv
CCF: Privileged Account Modification Inv
CCF: Account Enabled Inv
CCF: Account Disabled Inv
CCF: Account Deleted Inv
CCF: Account Modified Inv
CCF Excessive Authentication Failure Inv
CCF: Password Modification Inv
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: GeoIP Inv
CCF: Backup Activity Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Time Sync Error Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Applications Accessed By User Inv
CCF: Critical Environment Error Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Compromises Detected Inv
CCF: Host Access Granted And Revoked Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Privileged Account Escalation Inv
CCF: Malware Detected Inv
CCF: Physical Access Inv
CCF: Vulnerability Detected Inv
CCF: Denial Of Service Inv
|
CCF: User Misuse Summary
CCF: Social Media Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Account Enabled Summary
CCF: Account Disabled Summary
CCF: Account Deleted Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: GeoIP Summary
CCF: Backup Activity Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Signature Activity Summary
CCF: Audit Log Summary
CCF: Applications Accessed By User Summary
CCF: Critical Environment Error Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Malware Detected Summary
CCF: Physical Access Summary
CCF: Vulnerability Detected Summary
|
CCF: Unknown User Account Detail
CCF: Host Access Granted And Revoked Detail
|
|
1405
|
CCF: Misuse
CCF: Social Media Event
CCF: Corroborated Account Anomalies
CCF: Disabled Account Auth Success
CCF: External Brute Force Auths
CCF: Local Account Created and Used
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Account Enabled
CCF: Account Disabled
CCF: Account Deleted
CCF: Account Modification
CCF Excessive Authentication Failure
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: Data Loss Prevention
CCF: Backup Information
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Corroborated Data Access Anomalies
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Abnormal Origin Location
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Distributed Brute Force
CCF: Excessive Authentication Failure
|
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: FIM Delete Activity Alarm
CCF: PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Compromises Detected Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Denial Of Service Alarm
|
CCF: User Misuse Inv
CCF: Social Media Inv
CCF: Unknown User Account Inv
CCF: Privileged Account Modification Inv
CCF: Account Enabled Inv
CCF: Account Disabled Inv
CCF: Account Deleted Inv
CCF: Account Modified Inv
CCF Excessive Authentication Failure Inv
CCF: Password Modification Inv
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: GeoIP Inv
CCF: Backup Activity Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Time Sync Error Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Applications Accessed By User Inv
CCF: Critical Environment Error Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Compromises Detected Inv
CCF: Host Access Granted And Revoked Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Privileged Account Escalation Inv
CCF: Malware Detected Inv
CCF: Physical Access Inv
CCF: Vulnerability Detected Inv
CCF: Denial Of Service Inv
|
CCF: User Misuse Summary
CCF: Social Media Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Account Enabled Summary
CCF: Account Disabled Summary
CCF: Account Deleted Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: GeoIP Summary
CCF: Backup Activity Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Signature Activity Summary
CCF: Audit Log Summary
CCF: Applications Accessed By User Summary
CCF: Critical Environment Error Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Malware Detected Summary
CCF: Physical Access Summary
CCF: Vulnerability Detected Summary
|
CCF: Unknown User Account Detail
CCF: Host Access Granted And Revoked Detail
|
|
0988
|
|
CCF: Time Sync Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
|
CCF: Time Sync Error Inv
CCF: Audit Log Inv
|
CCF: Time Sync Error Summary
CCF: Audit Log Summary
|
|
|
0584
|
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Blacklist Location Auth
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Audit Log Inv
CCF: Time Sync Error Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Audit Log Summary
CCF: Time Sync Error Summary
CCF: Priv Authentication Activity Summary
CCF: Applications Accessed By User Summary
CCF: GeoIP Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Term Account Activity Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
0582
|
CCF: Misuse
CCF: Social Media Event
CCF: Corroborated Account Anomalies
CCF: Disabled Account Auth Success
CCF: External Brute Force Auths
CCF: Local Account Created and Used
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Account Enabled
CCF: Account Disabled
CCF: Account Deleted
CCF: Account Modification
CCF Excessive Authentication Failure
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: Data Loss Prevention
CCF: Backup Information
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Corroborated Data Access Anomalies
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Abnormal Origin Location
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Distributed Brute Force
CCF: Excessive Authentication Failure
|
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: FIM Delete Activity Alarm
CCF: PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Compromises Detected Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Denial Of Service Alarm
|
CCF: User Misuse Inv
CCF: Social Media Inv
CCF: Unknown User Account Inv
CCF: Privileged Account Modification Inv
CCF: Account Enabled Inv
CCF: Account Disabled Inv
CCF: Account Deleted Inv
CCF: Account Modified Inv
CCF Excessive Authentication Failure Inv
CCF: Password Modification Inv
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: GeoIP Inv
CCF: Backup Activity Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Time Sync Error Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Applications Accessed By User Inv
CCF: Critical Environment Error Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Compromises Detected Inv
CCF: Host Access Granted And Revoked Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Privileged Account Escalation Inv
CCF: Malware Detected Inv
CCF: Physical Access Inv
CCF: Vulnerability Detected Inv
CCF: Denial Of Service Inv
|
CCF: User Misuse Summary
CCF: Social Media Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Account Enabled Summary
CCF: Account Disabled Summary
CCF: Account Deleted Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: GeoIP Summary
CCF: Backup Activity Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Signature Activity Summary
CCF: Audit Log Summary
CCF: Applications Accessed By User Summary
CCF: Critical Environment Error Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Malware Detected Summary
CCF: Physical Access Summary
CCF: Vulnerability Detected Summary
|
CCF: Unknown User Account Detail
CCF: Host Access Granted And Revoked Detail
|
|
1536
|
CCF: Misuse
CCF: Social Media Event
CCF: Corroborated Account Anomalies
CCF: Disabled Account Auth Success
CCF: External Brute Force Auths
CCF: Local Account Created and Used
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Account Enabled
CCF: Account Disabled
CCF: Account Deleted
CCF: Account Modification
CCF Excessive Authentication Failure
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: Data Loss Prevention
CCF: Backup Information
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Corroborated Data Access Anomalies
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Abnormal Origin Location
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Distributed Brute Force
CCF: Excessive Authentication Failure
|
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: FIM Delete Activity Alarm
CCF: PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Compromises Detected Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Denial Of Service Alarm
|
CCF: User Misuse Inv
CCF: Social Media Inv
CCF: Unknown User Account Inv
CCF: Privileged Account Modification Inv
CCF: Account Enabled Inv
CCF: Account Disabled Inv
CCF: Account Deleted Inv
CCF: Account Modified Inv
CCF Excessive Authentication Failure Inv
CCF: Password Modification Inv
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: GeoIP Inv
CCF: Backup Activity Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Time Sync Error Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Applications Accessed By User Inv
CCF: Critical Environment Error Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Compromises Detected Inv
CCF: Host Access Granted And Revoked Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Privileged Account Escalation Inv
CCF: Malware Detected Inv
CCF: Physical Access Inv
CCF: Vulnerability Detected Inv
CCF: Denial Of Service Inv
|
CCF: User Misuse Summary
CCF: Social Media Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Account Enabled Summary
CCF: Account Disabled Summary
CCF: Account Deleted Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: GeoIP Summary
CCF: Backup Activity Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Signature Activity Summary
CCF: Audit Log Summary
CCF: Applications Accessed By User Summary
CCF: Critical Environment Error Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Malware Detected Summary
CCF: Physical Access Summary
CCF: Vulnerability Detected Summary
|
CCF: Unknown User Account Detail
CCF: Host Access Granted And Revoked Detail
|
|
1537
|
CCF: Misuse
CCF: Social Media Event
CCF: Corroborated Account Anomalies
CCF: Disabled Account Auth Success
CCF: External Brute Force Auths
CCF: Local Account Created and Used
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Account Enabled
CCF: Account Disabled
CCF: Account Deleted
CCF: Account Modification
CCF Excessive Authentication Failure
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: Data Loss Prevention
CCF: Backup Information
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Corroborated Data Access Anomalies
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Abnormal Origin Location
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Distributed Brute Force
CCF: Excessive Authentication Failure
|
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: FIM Delete Activity Alarm
CCF: PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Compromises Detected Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Denial Of Service Alarm
|
CCF: User Misuse Inv
CCF: Social Media Inv
CCF: Unknown User Account Inv
CCF: Privileged Account Modification Inv
CCF: Account Enabled Inv
CCF: Account Disabled Inv
CCF: Account Deleted Inv
CCF: Account Modified Inv
CCF Excessive Authentication Failure Inv
CCF: Password Modification Inv
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: GeoIP Inv
CCF: Backup Activity Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Time Sync Error Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Applications Accessed By User Inv
CCF: Critical Environment Error Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Compromises Detected Inv
CCF: Host Access Granted And Revoked Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Privileged Account Escalation Inv
CCF: Malware Detected Inv
CCF: Physical Access Inv
CCF: Vulnerability Detected Inv
CCF: Denial Of Service Inv
|
CCF: User Misuse Summary
CCF: Social Media Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Account Enabled Summary
CCF: Account Disabled Summary
CCF: Account Deleted Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: GeoIP Summary
CCF: Backup Activity Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Signature Activity Summary
CCF: Audit Log Summary
CCF: Applications Accessed By User Summary
CCF: Critical Environment Error Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Malware Detected Summary
CCF: Physical Access Summary
CCF: Vulnerability Detected Summary
|
CCF: Unknown User Account Detail
CCF: Host Access Granted And Revoked Detail
|
|
0585
|
CCF: Misuse
CCF: Social Media Event
CCF: Corroborated Account Anomalies
CCF: Disabled Account Auth Success
CCF: External Brute Force Auths
CCF: Local Account Created and Used
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Account Enabled
CCF: Account Disabled
CCF: Account Deleted
CCF: Account Modification
CCF Excessive Authentication Failure
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: Data Loss Prevention
CCF: Backup Information
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Corroborated Data Access Anomalies
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Abnormal Origin Location
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Distributed Brute Force
CCF: Excessive Authentication Failure
|
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: FIM Delete Activity Alarm
CCF: PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Compromises Detected Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Denial Of Service Alarm
|
CCF: User Misuse Inv
CCF: Social Media Inv
CCF: Unknown User Account Inv
CCF: Privileged Account Modification Inv
CCF: Account Enabled Inv
CCF: Account Disabled Inv
CCF: Account Deleted Inv
CCF: Account Modified Inv
CCF Excessive Authentication Failure Inv
CCF: Password Modification Inv
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: GeoIP Inv
CCF: Backup Activity Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Time Sync Error Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Applications Accessed By User Inv
CCF: Critical Environment Error Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Compromises Detected Inv
CCF: Host Access Granted And Revoked Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Privileged Account Escalation Inv
CCF: Malware Detected Inv
CCF: Physical Access Inv
CCF: Vulnerability Detected Inv
CCF: Denial Of Service Inv
|
CCF: User Misuse Summary
CCF: Social Media Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Account Enabled Summary
CCF: Account Disabled Summary
CCF: Account Deleted Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: GeoIP Summary
CCF: Backup Activity Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Signature Activity Summary
CCF: Audit Log Summary
CCF: Applications Accessed By User Summary
CCF: Critical Environment Error Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Malware Detected Summary
CCF: Physical Access Summary
CCF: Vulnerability Detected Summary
|
CCF: Unknown User Account Detail
CCF: Host Access Granted And Revoked Detail
|
|
0586
|
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
|
CCF: FIM Delete Activity Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Denial Of Service Alarm
CCF: Time Sync Error Alarm
CCF: Blacklisted Account Alarm
|
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Object Access Inv
CCF: Audit Log Inv
CCF: Critical Environment Error Inv
CCF: Denial Of Service Inv
CCF: Time Sync Error Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
|
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Object Access Summary
CCF: Audit Log Summary
CCF: Critical Environment Error Summary
CCF: Time Sync Error Summary
CCF: GeoIP Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
|
|
|
0859
|
CCF: Data Loss Prevention
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Corroborated Data Access Anomalies
CCF: Backup Information
|
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
CCF: Denial Of Service Alert
|
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Backup Activity Inv
CCF: Time Sync Error Inv
|
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Backup Activity Summary
CCF: Time Sync Error Summary
|
|
|
0991
|
CCF: Data Loss Prevention
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Corroborated Data Access Anomalies
CCF: Backup Information
|
CCF: Backup Failure Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
CCF: Denial Of Service Alert
|
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Backup Activity Inv
CCF: Time Sync Error Inv
|
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Backup Activity Summary
CCF: Time Sync Error Summary
|
|
|
0109
|
CCF: Config Modified
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
|
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
|
CCF: Audit Log Inv
CCF: Time Sync Error Inv
|
CCF: Audit Log Summary
CCF: Time Sync Error Summary
|
|
|
1228
|
CCF: Misuse
CCF: Social Media Event
CCF: Corroborated Account Anomalies
CCF: Disabled Account Auth Success
CCF: External Brute Force Auths
CCF: Local Account Created and Used
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Account Enabled
CCF: Account Disabled
CCF: Account Deleted
CCF: Account Modification
CCF Excessive Authentication Failure
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: Data Loss Prevention
CCF: Backup Information
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Corroborated Data Access Anomalies
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Abnormal Origin Location
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Distributed Brute Force
CCF: Excessive Authentication Failure
|
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: FIM Delete Activity Alarm
CCF: PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Compromises Detected Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Denial Of Service Alarm
|
CCF: User Misuse Inv
CCF: Social Media Inv
CCF: Unknown User Account Inv
CCF: Privileged Account Modification Inv
CCF: Account Enabled Inv
CCF: Account Disabled Inv
CCF: Account Deleted Inv
CCF: Account Modified Inv
CCF Excessive Authentication Failure Inv
CCF: Password Modification Inv
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: GeoIP Inv
CCF: Backup Activity Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Time Sync Error Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Applications Accessed By User Inv
CCF: Critical Environment Error Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Compromises Detected Inv
CCF: Host Access Granted And Revoked Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Privileged Account Escalation Inv
CCF: Malware Detected Inv
CCF: Physical Access Inv
CCF: Vulnerability Detected Inv
CCF: Denial Of Service Inv
|
CCF: User Misuse Summary
CCF: Social Media Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Account Enabled Summary
CCF: Account Disabled Summary
CCF: Account Deleted Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: GeoIP Summary
CCF: Backup Activity Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Signature Activity Summary
CCF: Audit Log Summary
CCF: Applications Accessed By User Summary
CCF: Critical Environment Error Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Malware Detected Summary
CCF: Physical Access Summary
CCF: Vulnerability Detected Summary
|
CCF: Unknown User Account Detail
CCF: Host Access Granted And Revoked Detail
|
|
1422
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1277
|
|
CCF: Early TLS/SSL Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
|
CCF: Use Of Non-Encrypted Protocols Inv
|
CCF: Use Of Non-Encrypted Protocols Summary
|
|
|
1262
|
CCF: Corroborated Account Anomalies
CCF: Corroborated Data Access Anomalies
CCF: Abnormal Origin Location
CCF: GeoIP Blacklisted Region Activity
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Same User
|
CCF: Blacklisted Account Alarm
|
CCF: GeoIP Inv
|
CCF: GeoIP Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1261
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1263
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1264
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1256
|
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
|
CCF: FIM Delete Activity Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Denial Of Service Alarm
CCF: Time Sync Error Alarm
|
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Object Access Inv
CCF: Audit Log Inv
CCF: Critical Environment Error Inv
CCF: Denial Of Service Inv
CCF: Time Sync Error Inv
CCF: GeoIP Inv
CCF: User Object Access Inv
|
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Object Access Summary
CCF: Audit Log Summary
CCF: Critical Environment Error Summary
CCF: Time Sync Error Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
|
|
|
1255
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: FIM Delete Activity Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Denial Of Service Alarm
CCF: Time Sync Error Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Object Access Inv
CCF: Audit Log Inv
CCF: Critical Environment Error Inv
CCF: Denial Of Service Inv
CCF: Time Sync Error Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Object Access Summary
CCF: Audit Log Summary
CCF: Critical Environment Error Summary
CCF: Time Sync Error Summary
CCF: User Object Access Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1268
|
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Excessive Authentication Failure
CCF: Corroborated Data Access Anomalies
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Account Modification
CCF: Account Deleted
CCF: Account Disabled
CCF: Account Enabled
CCF: Social Media Event
CCF: Disabled Account Auth Success
CCF: Corroborated Account Anomalies
CCF: Misuse
CCF: Local Account Created and Used
CCF: Config Modified
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
|
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: Unknown User Account Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Time Sync Error Alarm
|
CCF: Password Modification Inv
CCF: Applications Accessed By User Inv
CCF: Privileged Account Modification Inv
CCF: Privileged Account Escalation Inv
CCF: GeoIP Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: Host Access Granted And Revoked Inv
CCF: Excessive Authentication Failure Inv
CCF: Account Modified Inv
CCF: Account Deleted Inv
CCF: Account Disabled Inv
CCF: Account Enabled Inv
CCF: Social Media Inv
CCF: User Misuse Inv
CCF: Unknown User Account Inv
CCF: Audit Log Inv
CCF: Time Sync Error Inv
|
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Applications Accessed By User Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: User Priv Escalation (Windows) Summary
CCF: GeoIP Summary
CCF: User Object Access Summary
CCF: Top Suspicious Users
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Account Deleted Summary
CCF: Account Disabled Summary
CCF: Account Enabled Summary
CCF: Social Media Summary
CCF: User Misuse Summary
CCF: Audit Log Summary
CCF: Time Sync Error Summary
|
CCF: Host Access Granted And Revoked Detail
CCF: Unknown User Account Detail
|
|
1182
|
#N/A
|
#N/A
|
#N/A
|
#N/A
|
#N/A
|
|
1301
|
|
CCF: Rogue Access Point Alarm
|
CCF: Rogue Access Point Inv
|
CCF: Rogue Access Point Summary
|
|
|
1435
|
|
CCF: Denial Of Service Alarm
|
CCF: Denial Of Service Inv
|
|
|
|
1139
|
|
CCF: Early TLS/SSL Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
|
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Rogue Access Point Inv
|
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Rogue Access Point Summary
|
|
|
0670
|
CCF: Misuse
CCF: Social Media Event
CCF: Corroborated Account Anomalies
CCF: Disabled Account Auth Success
CCF: External Brute Force Auths
CCF: Local Account Created and Used
CCF: Password Modified by Admin
CCF: Admin Password Modified
CCF: Multiple Account Passwords Modified by Admin
CCF: Password Modified by Another User
CCF: Account Enabled
CCF: Account Disabled
CCF: Account Deleted
CCF: Account Modification
CCF Excessive Authentication Failure
CCF: FIM Abnormal Activity
CCF: FIM Add Activity
CCF: FIM General Activity
CCF: Data Loss Prevention
CCF: Backup Information
CCF: GeoIP General Activity
CCF: GeoIP Blacklisted Region Activity
CCF: Corroborated Data Access Anomalies
CCF: Config Modified
CCF: Software Install
CCF: Software Uninstall
CCF: FIM Information
CCF: Abnormal Amount of Data Transferred
CCF: Large Outbound Transfer
CCF: Linux sudo Privilege Escalation
CCF: Windows RunAs Privilege Escalation
CCF: Abnormal Origin Location
CCF: Attack then External Connection
CCF: Auth After Numerous Failed Auths
CCF: Auth After Security Event
CCF: Blacklist Location Auth
CCF: Concurrent VPN from Multiple Locations
CCF: Concurrent VPN from Single User
CCF: Config Change After Attack
CCF: Config Change then Critical Error
CCF: Config Deleted/Disabled
CCF: Critical Event After Attack
CCF: Data Destruction
CCF: Data Exfiltration Observed
CCF: Distributed Brute Force
|
CCF: Unknown User Account Alarm
CCF: Priv Group Access Granted Alarm
CCF: Privilege Escalation After Attack Alarm
CCF: Blacklisted Account Alarm
CCF: FIM Delete Activity Alarm
CCF: PRD Envir Config/Policy Change Alarm
CCF: Time Sync Error Alarm
CCF: Audit Logging Stopped Alarm
CCF: Audit Log Cleared Alarm
CCF: Failed Audit Log Write Alarm
CCF: Software Install Fail Alarm
CCF: Software Uninstall Fail Alarm
CCF: LogRhythm Silent Log Source Error Alarm
CCF: Early TLS/SSL Alarm
CCF: Backup Failure Alarm
CCF: Critical/PRD Envir Patch Failure Alarm
CCF: PRD Envir Signature Failure Alarm
CCF: Non-Encrypted Protocol Alarm
CCF: Rogue Access Point Alarm
CCF: Suspected Wireless Attack Alarm
CCF: Compromises Detected Alarm
CCF: Malware Alarm
CCF: Vulnerability Detected Alarm
CCF: Denial Of Service Alarm
|
CCF: User Misuse Inv
CCF: Social Media Inv
CCF: Unknown User Account Inv
CCF: Privileged Account Modification Inv
CCF: Account Enabled Inv
CCF: Account Disabled Inv
CCF: Account Deleted Inv
CCF: Account Modified Inv
CCF Excessive Authentication Failure Inv
CCF: Password Modification Inv
CCF: Object Access Inv
CCF: Suspicious Users Inv
CCF: User Object Access Inv
CCF: GeoIP Inv
CCF: Backup Activity Inv
CCF: LogRhythm Data Loss Defender Log Inv
CCF: Config/Policy Change Inv
CCF: Patch Activity Inv
CCF: Time Sync Error Inv
CCF: Signature Activity Inv
CCF: Audit Log Inv
CCF: Applications Accessed By User Inv
CCF: Critical Environment Error Inv
CCF: Use Of Non-Encrypted Protocols Inv
CCF: Compromises Detected Inv
CCF: Host Access Granted And Revoked Inv
CCF: Rogue Access Point Inv
CCF: Suspected Wireless Attack Inv
CCF: Privileged Account Escalation Inv
CCF: Malware Detected Inv
CCF: Physical Access Inv
CCF: Vulnerability Detected Inv
CCF: Denial Of Service Inv
|
CCF: User Misuse Summary
CCF: Social Media Summary
CCF: Priv Authentication Activity Summary
CCF: Priv Account Management Activity Summary
CCF: Account Enabled Summary
CCF: Account Disabled Summary
CCF: Account Deleted Summary
CCF: Account Modified Summary
CCF: Term Account Activity Summary
CCF: Auth Failure Summary
CCF: Access Failure Summary
CCF: Auth Success Summary
CCF: Access Success Summary
CCF: Object Access Summary
CCF: Top Suspicious Users
CCF: User Object Access Summary
CCF: GeoIP Summary
CCF: Backup Activity Summary
CCF: LogRhythm Data Loss Defender Log Summary
CCF: Config/Policy Change Summary
CCF: Patch Activity Summary
CCF: Time Sync Error Summary
CCF: Signature Activity Summary
CCF: Audit Log Summary
CCF: Applications Accessed By User Summary
CCF: Critical Environment Error Summary
CCF: Use Of Non-Encrypted Protocols Summary
CCF: Compromises Detected Summary
CCF: Rogue Access Point Summary
CCF: Suspected Wireless Attack Summary
CCF: User Priv Escalation (Windows) Summary
CCF: User Priv Escalation (SU & SUDO) Summary
CCF: Malware Detected Summary
CCF: Physical Access Summary
CCF: Vulnerability Detected Summary
|
CCF: Unknown User Account Detail
CCF: Host Access Granted And Revoked Detail
|
