Network Insight Template
Network Insight Controls
Network Insight Asset Changes Datasource
The following controls can be applied to Network Insight software from within the Asset Changes pre-configured datasource:
Action | Subaction | Condition |
System Activity | ||
Check it | Asset Expired | .*Asset\/Expired.* |
Check it | Asset Suspected | .*Asset\/Suspected.* |
Fix it | Asset Remediated | .*Asset\/Remediated.* |
Virus detection | Malware Detection | .*Asset\/Infected.* |
Network Insight Asset Evidence Datasource
The following controls can be applied to Network Insight software from within the Asset Evidence pre-configured datasource:
Action | Subaction | Condition |
System Activity | ||
Threat Evidence | DNS Lookup | .*Evidence\/DNS_Lookup.* |
Threat Evidence | File Download Status Change | .*Evidence\/File_Download_Status_Change.* |
Threat Evidence | File Download | .*Evidence\/File_Download.* |
Threat Evidence | File Execution | .*Evidence\/File_Execution.* |
Threat Evidence | File Status Change | .*Evidence\/File_Status_Change.* |
Threat Evidence | HTTP Request | .*Evidence\/HTTP_Request.* |
Threat Evidence | Proxy HTTP Request | .*Evidence\/Proxy_HTTP_Request.* |
Threat Evidence | TCP Connection | .*Evidence\/TCP_Connection.* |
Threat Evidence | UDP Connection | .*Evidence\/UDP_Connection.* |
Network Insight Healthchecks Datasource
The following controls can be applied to Network Insight software from within the Healthchecks pre-configured datasource:
Action | Subaction | Condition |
System Management | ||
Software Notification | NIC Down | HealthCheck\/NIC_Down |
Software Notification | Sensor Down | HealthCheck\/Sensor_Down |
Network Insight System Management Datasource
The following controls can be applied to Network Insight software from within the System Management pre-configured datasource:
Action | Subaction | Condition |
System Management | ||
Configuration Rule Modification | Configuration Rule Modification | .*msg=.*\s+changed \/global.*from.*to.* |
Object Creation | Object Creation | .*\s+created custom threat.* |
Object Modification | Object Modification | .*\s+changed custom threat.* |
Network Insight User Activity Datasource
The following controls can be applied to Network Insight software from within the User Activity pre-configured datasource:
Action | Subaction | Condition |
System Management | ||
Configuration Rule Modification | Threat Definition Update | .*Threat Update.* |
User Activity | ||
Logoff | Interactive Logoff | .*session.*has ended.* |
Login Failure | Interactive Login Failure | .*login failed.* |
Successful Login | Interactive Login | .*has logged in.* |
Network Insight User Management Datasource
The following controls can be applied to Network Insight software from within the User Management pre-configured datasource:
Action | Subaction | Condition |
Users' Management | ||
Password Modification | Password Modification | .*The password of user.* was changed by user.* |
User Addition to Group/Role/Profile | Member Addition to User/Role | .*The roles of user.*was changed from.* |
User Creation | User Creation | .*User.*created by.* |
User Deletion | User Deletion | User.*deleted.* |
User Disabling | User Disabling | .*The disabled of user.*was changed from false to true by user.* |
User Enabling | User Enabling | .*The disabled of user.*was changed from true to false by user.* |
User Modification | User Modification | .*The(?!disabled|password|roles).* of user*was changed from.* to.* by user.* |