CIS-CSC – Investigations | LogRhythm Documentation

ID	Investigation Name	Minimum Data Requirement	Recommended Data Requirement	Description	Intelligent Indexing
218	Generic Account Usage	Host Logs	Active Directory or LDAP	All usage of activity with accounts on the list Generic Accounts. CIS Critical Security Control(s): CSC 16.8	No
219	New Domain Hosts	Active Directory Logs		New hosts which have joined the domain. CIS Critical Security Control(s): CSC 1.4, CSC 16.2	No
220	Removed Domain Hosts	Active Directory Logs		Hosts which have been removed from the domain in the last 7 days. CIS Critical Security Control(s): CSC 1.4, CSC 16.2	No
221	Configuration Changes	Host or Network Device Logs		Configuration change events. CIS Critical Security Control(s): CSC 5.5, CSC 3.2	No
223	New Network Hosts	AI Engine Events		Hosts which are new to the network. CIS Critical Security Control(s): CSC 1.4	No
225	Authentication Failures	Host Logs	Active Directory or LDAP	Failed authentication events. CIS Critical Security Control(s): CSC 14.9	No
226	Online Storage Usage	LogRhythm Network Monitor		Usage of online cloud storage services such as Dropbox and Google Docs. CIS Critical Security Control(s): CSC 13.5, CSC 13.4	No
227	Application Usage	LogRhythm Network Monitor		Impacted applications recorded by the LogRhythm Network Monitor. CIS Critical Security Control(s): CSC 2.7, CSC 6.7	No