MAS-TRMG – Lists
List Name | List Description | Type | List ID | Type | Log Sources |
---|---|---|---|---|---|
MAS: Data Loss Prevention | This list includes production data loss prevention devices, including LogRhythm Data Loss Defender. | Log Source | -2555 | Log Source | This list includes production data loss prevention devices, including LogRhythm Data Loss Defender. |
MAS: File Integrity Monitors | This list includes all production systems that generate file integrity monitoring logs including LogRhythm File Integrity Monitor. | Log Source | -2556 | Log Source | This list includes all production systems that generate file integrity monitoring logs including LogRhythm File Integrity Monitor. |
MAS: Backup Servers-Systems | This list should be populated with any production system or server that facilitates backup or recovery processes to support disaster recovery, redundancy, or backup procedures. | Log Source | -2557 | Log Source | This list should be populated with any production system or server that facilitates backup or recovery processes to support disaster recovery, redundancy, or backup procedures. |
MAS: Network Access Control Systems | This list should be populated with production systems that enforce access controls. Examples: VPN servers, WAP, LDAP, Active Directory, Dial-In Servers, etc. | Log Source | -2558 | Log Source | This list should be populated with production systems that enforce access controls. Examples include: VPN servers, WAP, LDAP, Active Directory, Dial-In Servers, etc. |
MAS: Malware Prevention Systems | This list should be populated with production systems that generate malware detection & prevention logs. Examples: anti-virus and spyware detection/prevention systems. | Log Source | -2559 | Log Source | This list should be populated with production systems that generate malware detection & prevention logs. Examples: anti-virus and spyware detection/prevention systems. |
MAS: Physical Security Systems | This list should be populated and periodically updated according to physical security systems in-scope for the organization. | Log Source | -2560 | Log Source | This list is to be populated and periodically updated according to physical security systems in-scope for the organization. |
MAS: Network Security Systems | This list should be populated with production network security systems. Examples: firewalls, intrusion detection/prevention systems, proxies, load balancers, routers, firewalls. | Log Source | -2561 | Log Source | This list should be populated with production network security systems (firewalls, intrusion detection/prevention systems, proxies, load balancers, routers, firewalls). |
MAS: Test Servers-Systems | This list should be populated with any server or system that is utilized in a test setting and facilitates change management prior to a migration to a production environment. This should align with entity structure. | Entity | -2562 | Entity | This list should be populated with any server or system that is utilized in a test setting and facilitates change management prior to a migration to a production environment. This should align with entity structure. |
MAS: Production Servers-Systems | This list should be populated with any server or system that is utilized in a production setting, but is not classified as critical in nature. This should align with entity structure. | Entity | -2563 | Entity | This list should be populated with any server or system that is utilized in a production setting, but is not classified as critical in nature. This should align with entity structure. |
MAS: Critical Servers-Systems | This list should be populated with any server or system classified as critical where financial data resides or is processed through transactions. Further, any servers or systems containing proprietary data should be considered as critical. This should align with entity structure classifications. | Entity | -2564 | Entity | This list should be populated with any server or system classified as critical where financial data resides or is processed through transactions. Further, any servers or systems containing proprietary data should be considered as critical. This should align with entity structure classifications. |
MAS: Terminated Accounts | This list should be populated and periodically updated with those accounts classified as terminated through the user access management process. List updates should build off existing periodic access review results. | User | -2565 | User | This list should be populated and periodically updated with those accounts classified as terminated through the user access management process. List updates should build off existing periodic access review results. |
MAS: Shared Accounts | This list should be populated and periodically updated with those accounts where multiple users may utilize the shared account. List updates should build off existing periodic access review results. | User | -2566 | User | This list should be populated and periodically updated with those accounts where multiple users may utilize the shared account. List updates should build off existing periodic access review results. |
MAS: Default & Generic Accounts | This list includes pre-populated or known default accounts, but should also be populated with other default or generic accounts within the organization’s environment. List updates should build off existing periodic access review results. | User | -2567 | User | This list includes pre-populated or known default accounts, but should also be populated with other default or generic accounts within the organization’s environment. List updates should build off existing periodic access review results. |
MAS: Vendor Accounts | This list should be populated and periodically updated with those accounts classified as vendor or third-party related with access to your environment. List updates should build off existing periodic access review results. | User | -2568 | User | This list should be populated and periodically updated with those accounts classified as vendor or third-party related with access to your environment. List updates should build off existing periodic access review results. |
MAS: HR Payroll Accounts | This list should be populated and periodically updated with those accounts classified as HR or Payroll related. List updates should build off existing periodic access review results. | User | -2569 | User | This list should be populated and periodically updated with those accounts classified as HR or Payroll related. List updates should build off existing periodic access review results. |
MAS: PRD Privileged Accounts | This list should be populated and periodically updated with those accounts classified as privileged in nature within the production environment. | User | -2570 | User | This list should be populated and periodically updated with those accounts classified as privileged in nature within the production environment. |
MAS: TST Privileged Accounts | This list should be populated and periodically updated with those accounts classified as privileged (ability to migrate changes from test to production). | User | -2571 | User | This list should be populated and periodically updated with those accounts classified as privileged (ability to migrate changes from test to production). |
MAS: Business User Accounts | This list should be populated and periodically updated with those accounts belonging to Business Users within your environment. List updates should build off existing periodic access review results. | User | -2572 | User | This list should be populated and periodically updated with those accounts belonging to Business Users within your environment. List updates should build off existing periodic access review results. |
MAS: IT User Accounts | This list should be populated and periodically updated with those accounts belonging to IT personnel. List updates should build off existing periodic access review results. | User | -2573 | User | This list should be populated and periodically updated with those accounts belonging to IT personnel. List updates should build off existing periodic access review results. |
MAS: All Log Sources | This list captures all MAS log source lists. | Log Source | -2574 | Log Source | This list captures all MAS log source lists. |
MAS: Wireless IDS | This list includes all Wireless Intrusion Detection Systems/Services (WIDS) within the boundary. | Log Source | -2575 | Log Source | This list includes all Wireless Intrusion Detection Systems/Services (WIDS) within the boundary. |
MAS: Online Banking Servers-Systems | This list should be populated with any server or system that is utilized in the online banking environment. This should align with entity structure. | Entity | -2576 | Entity | This list should be populated with any server or system that is utilized in the online banking environment. This should align with entity structure. |