Activate Indicators and Warnings Categories

These categories cover almost every log entry imaginable from any device.

The Categories

There are six categories. Not all devices will have events that fall into each category.

Entity Authentication

These events are related to account logins and logouts. This could be for user accounts, service accounts, system accounts, machine accounts, etc., for any device, from operating systems to applications.

Entity Management

These events are related to account management. This includes things like account creation/modification/deletion, group creation/modification/deletion, changes in passwords or privileges, etc.

Product Specific Events

These are the events from the device for which you acquired it. Some examples are:
  • Firewalls - accept and deny events
  • IDS - exploit detection
  • Proxy - attempt to connect to restricted site

Product Patterns

These are patterns of events that have meaning for the device when they happen within a short time or in a particular sequence.

System Changes

These are configuration changes, host/service/module state changes (startup, shutdown, restarts, etc.).

System Errors

These are any errors that the device logs. These could be any type of error, such as service crashes, malformed statement, HTTP 404 messages, etc.

-- PrenticeHayes - 05 Feb 2018
Topic revision: r2 - 06 Feb 2018, PrenticeHayes


Activate Wiki

This site is powered by FoswikiCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback