The following table contains the lists that are included in the UEBA module. All of these lists can be configured in the LogRhythm environment.
|
List ID |
List Name |
|---|---|
|
-2554 |
Attack Lifecycle: Exfil, Corruption, Disruption |
|
-2553 |
Attack Lifecycle: Target Attainment |
|
-2552 |
Attack Lifecycle: Lateral Movement |
|
-2551 |
Attack Lifecycle: Command and Control |
|
-2550 |
Attack Lifecycle: Initial Compromise |
|
-2549 |
Attack Lifecycle: Recon and Planning |
|
-2363 |
Network: Whitelisted Processes |
|
-2362 |
Vulnerability Scanners |
|
-2180 |
Network: Blacklisted Countries |
|
-2092 |
Privileged Groups |
|
-2091 |
Privileged Users |
|
-1000000 |
CloudAI: Monitored Identities |
|
-1000001 |
CloudAI: Ignore for 24 Hours |
|
-1000002 |
Privileged Users |
|
-1000003 |
Executive Users |
|
-1000004 |
Watched Users |
|
-1000005 |
Location Watch List |