The following table contains the lists that are included in the UEBA module. All of these lists can be configured in the LogRhythm environment.
| List ID | List Name |
|---|---|
| -2554 | Attack Lifecycle: Exfil, Corruption, Disruption |
| -2553 | Attack Lifecycle: Target Attainment |
| -2552 | Attack Lifecycle: Lateral Movement |
| -2551 | Attack Lifecycle: Command and Control |
| -2550 | Attack Lifecycle: Initial Compromise |
| -2549 | Attack Lifecycle: Recon and Planning |
| -2363 | Network: Whitelisted Processes |
| -2362 | Vulnerability Scanners |
| -2180 | Network: Blacklisted Countries |
| -2092 | Privileged Groups |
| -2091 | Privileged Users |
| -1000000 | CloudAI: Monitored Identities |
| -1000001 | CloudAI: Ignore for 24 Hours |
| -1000002 | Privileged Users |
| -1000003 | Executive Users |
| -1000004 | Watched Users |
| -1000005 | Location Watch List |
The following table shows the other Knowledge Base (KB) modules that also use the lists included with the UEBA module.
| List ID | List Name | KB Module Name |
|---|---|---|
| -2092 | Privileged Groups | User Threat Detection |
| -2092 | Privileged Groups | CIS Critical Security Controls |
| -2180 | Network: Blacklisted Countries | User Threat Detection |
| -2180 | Network: Blacklisted Countries | UCF Automation Suite |
| -2180 | Network: Blacklisted Countries | Network Threat Detection |
| -2180 | Network: Blacklisted Countries | Compliance Automation Suite: GDPR |
| -2180 | Network: Blacklisted Countries | CIS Critical Security Controls |
| -2362 | Vulnerability Scanners | UCF Automation Suite |
| -2362 | Vulnerability Scanners | Network Threat Detection |
| -2362 | Vulnerability Scanners | Endpoint Threat Detection |
| -2362 | Vulnerability Scanners | Compliance Automation Suite: GDPR |
| -2363 | Network: Whitelisted Processes | Endpoint Threat Detection |
| -2549 | Attack Lifecycle: Recon and Planning | User Threat Detection |
| -2549 | Attack Lifecycle: Recon and Planning | Network Threat Detection |
| -2549 | Attack Lifecycle: Recon and Planning | Endpoint Threat Detection |
| -2549 | Attack Lifecycle: Recon and Planning | Core Threat Detection |
| -2550 | Attack Lifecycle: Initial Compromise | User Threat Detection |
| -2550 | Attack Lifecycle: Initial Compromise | Network Threat Detection |
| -2550 | Attack Lifecycle: Initial Compromise | Endpoint Threat Detection |
| -2550 | Attack Lifecycle: Initial Compromise | Core Threat Detection |
| -2551 | Attack Lifecycle: Command and Control | User Threat Detection |
| -2551 | Attack Lifecycle: Command and Control | Network Threat Detection |
| -2551 | Attack Lifecycle: Command and Control | Endpoint Threat Detection |
| -2551 | Attack Lifecycle: Command and Control | Core Threat Detection |
| -2552 | Attack Lifecycle: Lateral Movement | User Threat Detection |
| -2552 | Attack Lifecycle: Lateral Movement | Network Threat Detection |
| -2552 | Attack Lifecycle: Lateral Movement | Endpoint Threat Detection |
| -2552 | Attack Lifecycle: Lateral Movement | Core Threat Detection |
| -2553 | Attack Lifecycle: Target Attainment | User Threat Detection |
| -2553 | Attack Lifecycle: Target Attainment | Network Threat Detection |
| -2553 | Attack Lifecycle: Target Attainment | Endpoint Threat Detection |
| -2553 | Attack Lifecycle: Target Attainment | Core Threat Detection |
| -2554 | Attack Lifecycle: Exfil, Corruption, Disruption | User Threat Detection |
| -2554 | Attack Lifecycle: Exfil, Corruption, Disruption | Network Threat Detection |
| -2554 | Attack Lifecycle: Exfil, Corruption, Disruption | Endpoint Threat Detection |
| -2554 | Attack Lifecycle: Exfil, Corruption, Disruption | Core Threat Detection |