cancel
Showing results for 
Search instead for 
Did you mean: 

Must have security use cases

Hi team!

By your own experience, what use cases should be monitoring? What the most triggered use cases?

As I understand there are no reason to turn on all use cases. There are some general, some the most critical that not depend on client infrastructure.

3 Replies
Reliable Contributor brenta
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: Must have security use cases

Users added to a security enabled group (Domain Admins) is typically the first rule I setup for clients.

Brent
Highlighted

Re: Must have security use cases

I would say correlations of malware (virus across multiple systems, recurring malware)
If you have GTI suscription or any blacklist to see if a machine connects to a bad reputation IP.
If you are enforcing DNS on machines there is a correlation when someone tries to connect to another DNS.

You can also take a look at the content packs if any of those make sense to you and you have the needed devices .

Re: Must have security use cases

No one else wants to share their experiences with use cases? 🙂

From my experience one of the useful use cases was that someone login to office365 from blacklisted IPs. More than once there was a counteraction to the compromise of the account.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community