Importing Watchlists for Correlation Rules

Some correlation rules require watchlists. RSA provides sample watchlist files with default values. You can import the values into the RSA enVision database and edit them as needed. The following table lists the correlation rules and their associated watchlists.

| Correlation Rule | Watchlist Name |
|---|---|
| CRL-00002-01 | Blacklisted IP addresses |
| CRL-00013-02 | Service User Names |
| CRL-00013-05 | Known Service Accounts, Known Vendor Accounts |
| CRL-00013-06 | Known Service Accounts, Known Vendor Accounts |
| CRL-00014 | Administrative Groups, Administrative Users |
| CRL-00037-01 | RFC 1918 IP List |
| CRL-00040-1.0 | Known Service Ports |
| CRL-00101 | RFC 1918 IP List |
| CRL-00102 | RFC 1918 IP List |
| CRL-00103 | Administrative Groups, Administrative Users |
| CRL-00110-DB | Confidential Data Patterns, Confidential Accounts |
| CRL-00110-Email | Confidential Data Patterns, Confidential Accounts, DLP Confidential Data Policies |
| CRL-00110-IDS | Confidential Data Patterns, Confidential Accounts |
| CRL-00110-FileIntegrity | Confidential Data Patterns, Confidential Accounts |
| CRL-00110-Hosts | Confidential Data Patterns |

-Regards,

Blackhattrick blog

(Googlethewebsite.blogspot.com/blackhattrick.blogspot.com)

