|
LogRhythm List |
Vendor List |
|---|---|
|
LR Threat List : File Path : Malware |
ThreatGrid : File Path: Malware : All
|
|
LR Threat List : IP : Malware |
ThreatGrid : IP : Malware : All
|
|
LR Threat List : URL : Malware |
ThreatGrid : URL : Domain : All
|
|
LR Threat List : IP : Malware |
Cisco AMP Threat Grid : Host : Banking Trojan : All |
|
LR Threat List : IP : Malware |
Cisco AMP Threat Grid : Host : DLL Hijacking : All |
|
LR Threat List : IP : Malware |
Cisco AMP Threat Grid : Host : Downloaded Executable : All |
|
LR Threat List : IP : Suspicious |
Cisco AMP Threat Grid : Host : Dynamic DNS : All |
|
LR Threat List : IP : Suspicious |
Cisco AMP Threat Grid : Host : IRC : All |
|
LR Threat List : IP : Malware |
Cisco AMP Threat Grid : Host : Modified Hosts : All |
|
LR Threat List : IP : Suspicious |
Cisco AMP Threat Grid : Host : Parked : All |
|
LR Threat List : IP : Suspicious |
Cisco AMP Threat Grid : Host : Public IP : All |
|
LR Threat List : IP : Malware |
Cisco AMP Threat Grid : Host : Remote Access Trojan : All |
|
LR Threat List : IP : Attack |
Cisco AMP Threat Grid : Host : Sinkholed : All |
|
LR Threat List : IP : Malware |
Cisco AMP Threat Grid : Host : Stolen Cert : All |
The LogRhythm (parent) Lists to be associated with the “Cisco AMP Threat Grid” lists are labeled “IP,” though they are technically host lists. There is a much higher probability of matching on the host metadata fields than a URL.