User and Entity Behavior Analytics – Lists
The following table contains the lists that are included in the UEBA module. All of these lists can be configured in the LogRhythm environment.
List ID | List Name |
---|---|
-2554 | Attack Lifecycle: Exfil, Corruption, Disruption |
-2553 | Attack Lifecycle: Target Attainment |
-2552 | Attack Lifecycle: Lateral Movement |
-2551 | Attack Lifecycle: Command and Control |
-2550 | Attack Lifecycle: Initial Compromise |
-2549 | Attack Lifecycle: Recon and Planning |
-2363 | Network: Whitelisted Processes |
-2362 | Vulnerability Scanners |
-2180 | Network: Blacklisted Countries |
-2092 | Privileged Groups |
-2091 | Privileged Users |
-1000000 | CloudAI: Monitored Identities |
-1000001 | CloudAI: Ignore for 24 Hours |
-1000002 | Privileged Users |
-1000003 | Executive Users |
-1000004 | Watched Users |
-1000005 | Location Watch List |