0 Replies Latest reply on Jul 17, 2017 9:37 AM by gonzalo.soto

    Thresholds (criticality) of correlation rules recommended by McAfee

    gonzalo.soto

      Dear,

       

      Along with my greetings, I am looking for the criticality thresholds of the following correlation rules within the ESM.

       

      • Rule Name: Login - Brute Force Login Attempts from multiple Sources

      • Rule Name: Login - Brute Force Login Attempts to remote Host.

      • Rule Name: Login - Brute Force Login Attempts on an Internal Host from a multiple sources.

      • Rule Name: Database - unique Database Access multiple Attempt Failures

      • Rule Name: Database - Excessive Database Connections From Multiple Source

      • Rule Name: Database - Attempted Database Configuration Change by a Local Host

      • Rule Name: Component - Events to a Source Network