User and Entity Behavior Analytics – Lists
The following table contains the lists that are included in the UEBA module. All of these lists can be configured in the LogRhythm environment.
List ID | List Name |
---|---|
-2554 | Attack Lifecycle: Exfil, Corruption, Disruption |
-2553 | Attack Lifecycle: Target Attainment |
-2552 | Attack Lifecycle: Lateral Movement |
-2551 | Attack Lifecycle: Command and Control |
-2550 | Attack Lifecycle: Initial Compromise |
-2549 | Attack Lifecycle: Recon and Planning |
-2363 | Network: Whitelisted Processes |
-2362 | Vulnerability Scanners |
-2180 | Network: Blacklisted Countries |
-2092 | Privileged Groups |
-2091 | Privileged Users |
-1000000 | CloudAI: Monitored Identities |
-1000001 | CloudAI: Ignore for 24 Hours |
-1000002 | Privileged Users |
-1000003 | Executive Users |
-1000004 | Watched Users |
-1000005 | Location Watch List |

The following table shows the other KB modules that also use lists included with the UEBA module.

List ID | List Name | KB Module Name |
---|---|---|
-2092 | Privileged Groups | User Threat Detection |
-2092 | Privileged Groups | CIS Critical Security Controls |
-2180 | Network: Blacklisted Countries | User Threat Detection |
-2180 | Network: Blacklisted Countries | UCF Automation Suite |
-2180 | Network: Blacklisted Countries | Network Threat Detection |
-2180 | Network: Blacklisted Countries | Compliance Automation Suite: GDPR |
-2180 | Network: Blacklisted Countries | CIS Critical Security Controls |
-2362 | Vulnerability Scanners | UCF Automation Suite |
-2362 | Vulnerability Scanners | Network Threat Detection |
-2362 | Vulnerability Scanners | Endpoint Threat Detection |
-2362 | Vulnerability Scanners | Compliance Automation Suite: GDPR |
-2363 | Network: Whitelisted Processes | Endpoint Threat Detection |
-2549 | Attack Lifecycle: Recon and Planning | User Threat Detection |
-2549 | Attack Lifecycle: Recon and Planning | Network Threat Detection |
-2549 | Attack Lifecycle: Recon and Planning | Endpoint Threat Detection |
-2549 | Attack Lifecycle: Recon and Planning | Core Threat Detection |
-2550 | Attack Lifecycle: Initial Compromise | User Threat Detection |
-2550 | Attack Lifecycle: Initial Compromise | Network Threat Detection |
-2550 | Attack Lifecycle: Initial Compromise | Endpoint Threat Detection |
-2550 | Attack Lifecycle: Initial Compromise | Core Threat Detection |
-2551 | Attack Lifecycle: Command and Control | User Threat Detection |
-2551 | Attack Lifecycle: Command and Control | Network Threat Detection |
-2551 | Attack Lifecycle: Command and Control | Endpoint Threat Detection |
-2551 | Attack Lifecycle: Command and Control | Core Threat Detection |
-2552 | Attack Lifecycle: Lateral Movement | User Threat Detection |
-2552 | Attack Lifecycle: Lateral Movement | Network Threat Detection |
-2552 | Attack Lifecycle: Lateral Movement | Endpoint Threat Detection |
-2552 | Attack Lifecycle: Lateral Movement | Core Threat Detection |
-2553 | Attack Lifecycle: Target Attainment | User Threat Detection |
-2553 | Attack Lifecycle: Target Attainment | Network Threat Detection |
-2553 | Attack Lifecycle: Target Attainment | Endpoint Threat Detection |
-2553 | Attack Lifecycle: Target Attainment | Core Threat Detection |
-2554 | Attack Lifecycle: Exfil, Corruption, Disruption | User Threat Detection |
-2554 | Attack Lifecycle: Exfil, Corruption, Disruption | Network Threat Detection |
-2554 | Attack Lifecycle: Exfil, Corruption, Disruption | Endpoint Threat Detection |
-2554 | Attack Lifecycle: Exfil, Corruption, Disruption | Core Threat Detection |