CIS-CSC – Investigations

| ID | Investigation Name | Minimum Data Requirement | Recommended Data Requirement | Description | Intelligent Indexing |
|---|---|---|---|---|---|
| 218 | Generic Account Usage | Host Logs | Active Directory or LDAP | All activity involving accounts on the Generic Accounts list. CIS Critical Security Control(s): CSC 16.8 | No |
| 219 | New Domain Hosts | Active Directory Logs | | New hosts which have joined the domain. CIS Critical Security Control(s): CSC 1.4, CSC 16.2 | No |
| 220 | Removed Domain Hosts | Active Directory Logs | | Hosts which have been removed from the domain in the last 7 days. CIS Critical Security Control(s): CSC 1.4, CSC 16.2 | No |
| 221 | Configuration Changes | Host or Network Device Logs | | Configuration change events. CIS Critical Security Control(s): CSC 5.5, CSC 3.2 | No |
| 223 | New Network Hosts | AI Engine Events | | Hosts which are new to the network. CIS Critical Security Control(s): CSC 1.4 | No |
| 225 | Authentication Failures | Host Logs | Active Directory or LDAP | Failed authentication events. CIS Critical Security Control(s): CSC 14.9 | No |
| 226 | Online Storage Usage | LogRhythm Network Monitor | | Usage of online cloud storage services such as Dropbox and Google Docs. CIS Critical Security Control(s): CSC 13.5, CSC 13.4 | No |
| 227 | Application Usage | LogRhythm Network Monitor | | Impacted applications recorded by the LogRhythm Network Monitor. CIS Critical Security Control(s): CSC 2.7, CSC 6.7 | No |
