Showing results for 
Show  only  | Search instead for 
Did you mean: 

Must have security use cases

Hi team!

By your own experience, what use cases should be monitoring? What the most triggered use cases?

As I understand there are no reason to turn on all use cases. There are some general, some the most critical that not depend on client infrastructure.

3 Replies
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: Must have security use cases

Users added to a security enabled group (Domain Admins) is typically the first rule I setup for clients.

Level 8
Report Inappropriate Content
Message 3 of 4

Re: Must have security use cases

I would say correlations of malware (virus across multiple systems, recurring malware)
If you have GTI suscription or any blacklist to see if a machine connects to a bad reputation IP.
If you are enforcing DNS on machines there is a correlation when someone tries to connect to another DNS.

You can also take a look at the content packs if any of those make sense to you and you have the needed devices .

Re: Must have security use cases

No one else wants to share their experiences with use cases? 🙂

From my experience one of the useful use cases was that someone login to office365 from blacklisted IPs. More than once there was a counteraction to the compromise of the account.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community