Cisco AMP Threat Grid
| LogRhythm List | Vendor List |
|---|---|
LR Threat List : File Path : Malware | ThreatGrid : File Path: Malware : All ThreatGrid : File Path: Malware : Top |
LR Threat List : IP : Malware | ThreatGrid : IP : Malware : All ThreatGrid : IP : Malware : Top |
LR Threat List : URL : Malware | ThreatGrid : URL : Domain : All ThreatGrid : URL : Domain : Top ThreatGrid : URL : Malware : All ThreatGrid : URL : Malware : Top |
| LR Threat List : IP : Malware | Cisco AMP Threat Grid : Host : Banking Trojan : All |
| LR Threat List : IP : Malware | Cisco AMP Threat Grid : Host : DLL Hijacking : All |
| LR Threat List : IP : Malware | Cisco AMP Threat Grid : Host : Downloaded Executable : All |
| LR Threat List : IP : Suspicious | Cisco AMP Threat Grid : Host : Dynamic DNS : All |
| LR Threat List : IP : Suspicious | Cisco AMP Threat Grid : Host : IRC : All |
| LR Threat List : IP : Malware | Cisco AMP Threat Grid : Host : Modified Hosts : All |
| LR Threat List : IP : Suspicious | Cisco AMP Threat Grid : Host : Parked : All |
| LR Threat List : IP : Suspicious | Cisco AMP Threat Grid : Host : Public IP : All |
| LR Threat List : IP : Malware | Cisco AMP Threat Grid : Host : Remote Access Trojan : All |
| LR Threat List : IP : Attack | Cisco AMP Threat Grid : Host : Sinkholed : All |
| LR Threat List : IP : Malware | Cisco AMP Threat Grid : Host : Stolen Cert : All |
The LogRhythm (parent) Lists to be associated with the “Cisco AMP Threat Grid” lists are labeled “IP,” though they are technically host lists. There is a much higher probability of matching on the host metadata fields than a URL.