| AIE Rules & Alerts | Applicable Frameworks | Corresponding Investigation | Corresponding Report | CCF SRP 1.0 Ready |
|---|---|---|---|---|
| CCF: Abnormal Amount of Data Transferred | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: Abnormal Origin Location | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | |
| CCF: Account Deleted Rule | NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Deleted Account Inv | CCF: Account Deleted Summary | |
| CCF: Account Disabled Rule | NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Disabled Account Inv | CCF: Account Disabled Summary | |
| CCF: Account Enabled Rule | NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Enabled Account Inv | CCF: Account Enabled Summary | |
| CCF: Account Modification | NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Account Modification Inv | CCF: Account Modified Summary | |
| CCF: Admin Password Modified | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Password Modified Inv | | |
| CCF: Attack then External Connection | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: Audit Log Cleared Alarm | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Audit Log Inv | CCF: Audit Log Summary | ✓ |
| CCF: Audit Logging Stopped Alarm | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Audit Log Inv | CCF: Audit Log Summary | ✓ |
| CCF: Auth After Numerous Failed Auths | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: Auth After Security Event | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: Backup Failure Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Backup Activity Inv | CCF: Backup Activity Summary | ✓ |
| CCF: Backup Information | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Backup Activity Inv | CCF: Backup Activity Summary | ✓ |
| CCF: Blacklist Location Auth | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | |
| CCF: Blacklisted Account Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | |
| CCF: Compromise Detected Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Compromises Detected Inv | CCF: Compromises Detected Summary | ✓ |
| CCF: Concurrent VPN from Multiple Locations | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | |
| CCF: Concurrent VPN from Same User | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | |
| CCF: Config Change After Attack | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | ✓ |
| CCF: Config Change then Critical Error | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | ✓ |
| CCF: Config Deleted/Disabled | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | ✓ |
| CCF: Config Modified | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | ✓ |
| CCF: Corroborated Account Anomalies | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Suspicious Users Inv | N/A | |
| CCF: Corroborated Data Access Anomalies | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Suspicious Users Inv | N/A | |
| CCF: Critical Event After Attack | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: Critical/PRD Envir Patch Failure Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | ✓ |
| CCF: Data Destruction | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | ✓ |
| CCF: Data Exfiltration Observed | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | ✓ |
| CCF: Data Loss Prevention | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: LogRhythm Data Loss Defender Log Inv | CCF: LogRhythm Data Loss Defender Log Summary | ✓ |
| CCF: Denial of Service Alert | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Denial of Service Inv | N/A | ✓ |
| CCF: Disabled Account Auth Success | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | |
| CCF: Distributed Brute Force | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: Early TLS/SSL Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | |
| CCF: Excessive Authentication Failures Rule | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Excessive Authentication Failure Inv | CCF: Auth Failure Summary | ✓ |
| CCF: External Brute Force Auths | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: Failed Audit Log Write Alarm | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Audit Log Inv | CCF: Audit Log Summary | ✓ |
| CCF: FIM Abnormal Activity | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: FIM Add Activity | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: FIM Delete Activity Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: FIM General Activity | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: FIM Information | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: GeoIP Blacklisted Region Activity | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: GeoIP Inv | CCF: GeoIP Summary | |
| CCF: GeoIP General Activity | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: GeoIP Inv | CCF: GeoIP Summary | |
| CCF: Large Outbound Transfer | GDPR, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: Linux sudo Privilege Escalation | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Privileged Account Escalation Inv | CCF: User Priv Escalation (SU & SUDO) Summary | ✓ |
| CCF: Local Account Created and Used | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: LogRhythm Silent Log Source Error Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Audit Log Inv | CCF: Audit Log Summary | ✓ |
| CCF: Malware Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Malware Detected Inv | CCF: Malware Detected Summary | ✓ |
| CCF: Misuse | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: User Misuse Inv | CCF: User Misuse Summary | ✓ |
| CCF: Multiple Account Passwords Modified by Admin | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Password Modified Inv | CCF: Priv Account Management Activity Summary | |
| CCF: Non-Encrypted Protocol Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Use Of Non-Encrypted Protocols Inv | CCF: Use Of Non-Encrypted Protocols Summary | |
| CCF: Password Modified by Admin | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Password Modified Inv | CCF: Priv Account Management Activity Summary | |
| CCF: Password Modified by Another User | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Password Modified Inv | CCF: Priv Account Management Activity Summary | |
| CCF: Priv Group Access Granted Alarm | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Privileged Account Modification Inv | CCF: Priv Account Management Activity Summary | |
| CCF: Privilege Escalation After Attack Alarm | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Privileged Account Modification Inv | CCF: Priv Account Management Activity Summary | ✓ |
| CCF: PRD Envir Config/Policy Change Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Config/Policy Change Inv | CCF: Config/Policy Change Summary | ✓ |
| CCF: PRD Envir Signature Failure Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Critical Environment Error Inv | CCF: Critical Environment Error Summary | ✓ |
| CCF: Rogue Access Point Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Rogue Access Point Inv | CCF: Rogue Access Point Summary | ✓ |
| CCF: Social Media Event | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Social Media Inv | CCF: Social Media Summary | ✓ |
| CCF: Software Install Rule | NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: Software Install Failure Alarm | NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: Software Uninstall Rule | NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: Software Uninstall Failure Alarm | NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | N/A | N/A | ✓ |
| CCF: Suspected Wireless Attack Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Suspected Wireless Attack Inv | CCF: Suspected Wireless Attack Summary | ✓ |
| CCF: Time Sync Error Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Time Sync Error Inv | CCF: Time Sync Error Summary | ✓ |
| CCF: Unknown User Account Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Unknown User Account Inv | N/A | ✓ |
| CCF: Vulnerability Detected Alarm | GDPR, UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Vulnerability Detected Inv | CCF: Vulnerability Detected Summary | ✓ |
| CCF: Windows RunAs Privilege Escalation | UAE-NESA, NIST 800-53, NIST 800-171, NIST CSF, NY DFS, CJIS, State DPLs, ISO 27001, ASD | CCF: Privileged Account Escalation Inv | CCF: User Priv Escalation (Windows) Summary | ✓ |