CIS-CSC – Lists

The following lists need to be configured in the LogRhythm environment.

List ID	List Name	Object Type	Object ID	Object Name
-1001	Compliance: Network Access Control Systems	Report	84	Compliance: System Critical And Error Conditions
-1003	Compliance: Production Servers	Report	84	Compliance: System Critical And Error Conditions
-1004	Compliance: Remote Access Systems	Report	84	Compliance: System Critical And Error Conditions
-1005	Compliance: Wireless Access Points	Report	84	Compliance: System Critical And Error Conditions
-2055	Malicious User Agent Strings	AIE Rule	1112	CSC: External Malicious User-Agent
-2056	Suspicious URL Characters	AIE Rule	1113	CSC: External Malicious URL Characters
-2091	Privileged Users	AIE Rule	158	CSC: Accounts Deleted by Admin
-2091	Privileged Users	AIE Rule	159	CSC: Accounts Disabled by Admin
-2091	Privileged Users	AIE Rule	162	CSC: Windows RunAs Privilege Escalation
-2091	Privileged Users	AIE Rule	165	CSC: Linux sudo Privilege Escalation
-2092	Privileged Groups	AIE Rule	160	CSC: Users Added to Admin Group
-2092	Privileged Groups	AIE Rule	161	CSC: Users Removed from Admin Group
-2169	Network: Search : HTTP	AIE Rule	436	CSC: Port Misuse: 80
-2179	Network: Whitelisted Countries	AIE Rule	439	CSC: Allowed Traffic from Non-Whitelist Country
-2180	Network: Blacklisted Countries	AIE Rule	464	CSC: Allowed Traffic from Blacklist Country
-2182	Network: Functional : Online Storage	Investigation	226	Online Storage Usage
-2187	Network: Allowed Ingress Ports	AIE Rule	500	CSC: Blacklisted Ingress Port Observed
-2188	Network: Allowed Egress Ports	AIE Rule	499	CSC: Blacklisted Egress Port Observed
-2189	Generic Accounts	Investigation	218	Generic Account Usage
-2194	Blacklisted User Agent Strings	AIE Rule	497	CSC: Blacklisted User-Agent String
-2197	Network Devices	AIE Rule	493	CSC: Config Change After Attack
-2198	Wireless Network IP Range	AIE Rule	508	CSC: New Wireless Host