Skip to main content
Skip table of contents

User and Entity Behavior Analytics – Lists


The following table contains the lists that are included in the UEBA module. All of these lists can be configured in the LogRhythm environment.

List ID

List Name

-2554

Attack Lifecycle: Exfil, Corruption, Disruption

-2553

Attack Lifecycle: Target Attainment

-2552

Attack Lifecycle: Lateral Movement

-2551

Attack Lifecycle: Command and Control

-2550

Attack Lifecycle: Initial Compromise

-2549

Attack Lifecycle: Recon and Planning

-2363

Network: Whitelisted Processes

-2362

Vulnerability Scanners

-2180

Network: Blacklisted Countries

-2092

Privileged Groups

-2091

Privileged Users

-1000000

CloudAI: Monitored Identities

-1000001

CloudAI: Ignore for 24 Hours

-1000002

Privileged Users

-1000003

Executive Users

-1000004

Watched Users

-1000005

Location Watch List



JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.