CCF – Lists
Functionality Lists
Functionality Lists | List Type | Description | List ID |
---|---|---|---|
Insecure Applications List | Application | This list is pre-populated with insecure impacted applications. | -2067 |
Network Search: SSL/TLS | Application | Network application list of SSL/TLS content. | -2171 |
Network: Blacklisted Countries | Location | LogRhythm Global Administrator populated list of countries you wouldn't expect connections to (rogue states/nations). | -2180 |
Network Devices | Host | Network devices to monitor for configuration changes. | -2197 |
Network: TLS Applications | Application | Network applications that use port 443. | -2202 |
CCF: User Whitelist | User | This list is an integral part of the CCF compliance automation suite. Whitelisted users and Active Directory groups can be added to this list. | -2594 |
CCF: User Blacklist | User | This list is an integral part of the CCF compliance automation suite. Blacklisted users and Active Directory groups can be added to this list. | -2595 |
CCF: Whitelisted Regions | Location | This list is an integral part of the CCF compliance automation suite. Enabling LogRhythm's GeoIP feature is recommended for the use of this whitelist. | -2596 |
CCF: Blacklisted Regions | Location | This list is an integral part of the CCF compliance automation suite. Enabling LogRhythm's GeoIP feature is recommended for the use of this blacklist. | -2597 |
CCF: Data Storage Systems | Log Source | This list is an integral part of the CCF compliance automation suite. Log Sources classified as data storage should be added to this list. | -2598 |
CCF: Production Servers | Log Source | This list is an integral part of the CCF compliance automation suite. Log Sources classified as production servers should be added to this list. | -2599 |
CCF: Security Systems | Log Source | This list is an integral part of the CCF compliance automation suite. Log Sources classified as security systems should be added to this list. | -2600 |
CCF: Privileged Accounts | User | This list should be populated with all privileged accounts and updated accordingly based on periodic reviews. | -1000008 |
CCF: Privileged Groups | General Value | This list includes default privileged groups included in a standard operating system but can also be customized according to account categorization within an organization. | -1000009 |
CCF: Third Party Account List | User | Contractors, vendors, other third party members and Active Directory groups can be added to this list. | -1000090 |
CCF: Default Account List | User | Default, service, and automation accounts along with Active Directory groups can be added to this list. | -1000091 |
CCF: Business Users List | User | General (non-elevated) business users and Active Directory groups can be added to this list. | -1000092 |
CCF: Terminated Account List | User | Terminated accounts, accounts scheduled to be terminated, and Active Directory groups can be added to this list. | -1000093 |
CCF: Physical Security Systems | Log Source | This list is to be populated and periodically updated according to physical security systems in-scope for the organization. | -1000094 |
CCF: Network Security Systems | Log Source | This list should be populated with production network security systems (firewalls, intrusion detection/prevention systems, proxies, load balancers, routers). | -1000095 |
CCF: File Integrity Monitors | Log Source | This list includes all production systems that generate file integrity monitoring logs including LogRhythm File Integrity Monitor. | -1000096 |
CCF: Internal Environment List | Network | This list should be populated with internal IP addresses of your entire internal network. | -1000097 |
CCF: External Environment List | Network | This list should be populated with known external IP addresses of your trusted external network. | -1000098 |
CCF: Database Systems | Log Source | This list should be populated with database systems on the network. | -1000099 |
CCF: Wireless Environment List | Network | This list should be populated with the IP ranges of the Wireless network. | -1000100 |
CCF: Network Access Control Systems | Log Source | This list should be populated with production systems that enforce access controls. Examples include: VPN servers, WAP, LDAP, Active Directory, Dial-In Servers, etc. | -1000101 |
CCF: Critical Servers- Systems | Entity | This list should be populated with any server or system classified as critical. Further, any servers or systems containing proprietary data should be considered critical. | -1000102 |
Host Lists
CCF Scope Definition Lists | List Type | Description | List ID |
---|---|---|---|
CCF: All Hosts | Host | This list is a parent list containing all the individual framework host lists. This list is leveraged by the CCF SRP to add scope context based on host list names in AIE rules and alarms. Framework child lists that are not in scope for your organization. | -1000111 |
UAE-NESA: All Hosts | Host | This list should be populated with all hosts in scope for UAE-NESA within an organization. This is an embedded list contained in the CCF: All Hosts list. This allows the CCF SRP to function, adding host context to rules and alarms based on scope. | -1000114 |
GDPR: All Hosts | Host | This list should be populated with all hosts in scope for GDPR within an organization. This is an embedded list contained in the CCF: All Hosts list. This allows the CCF SRP to function, adding host context to rules and alarms based on scope. | -1000113 |
NIST 800-53: All Hosts | Host | This list should be populated with all hosts in scope for NIST 800-53 within an organization. This is an embedded list contained in the CCF: All Hosts list. This allows the CCF SRP to function, adding host context to rules and alarms based on scope. | -1000115 |
NIST 800-171: All Hosts | Host | This list should be populated with all hosts in scope for NIST 800-171 within an organization. This is an embedded list contained in the CCF: All Hosts list. This allows the CCF SRP to function, adding host context to rules and alarms based on scope. | -1000116 |
NY-DFS: All Hosts | Host | This list should be populated with all hosts in scope for NY-DFS within an organization. This is an embedded list contained in the CCF: All Hosts list. This allows the CCF SRP to function, adding host context to rules and alarms based on compliance scope. | -1000117 |
CJIS: All Hosts | Host | This list should be populated with all hosts in scope for CJIS within an organization. This is an embedded list contained in the CCF: All Hosts list. This allows the CCF SRP to function, adding host context to rules and alarms based on scope. | -1000118 |
ISO 27001: All Hosts | Host | This list should be populated with all hosts in scope for ISO 27001 within an organization. This is an embedded list contained in the CCF: All Hosts list. This allows the CCF SRP to function, adding host context to rules and alarms based on scope. | -1000126 |
ASD: All Hosts | Host | This list should be populated with all hosts in scope for ASD within an organization. This is an embedded list contained in the CCF: All Hosts list. This allows the CCF SRP to function, adding host context to rules and alarms based on scope. | -1000128 |