Prewritten Entity Info Lists

Active Directory

  • EventID_WatchList: AD critical logging event IDs to watch; includes event ID translations

AWS

  • AWS_Change_Actions: AWS action prefixes that indicate an IAM change has been made

  • AWS_Gateway_Modified_Events: AWS events that indicate a gateway has been modified

  • AWS_IAM_Entity_Creation_Events: AWS API calls that are indicative of IAM entity creation

  • AWS_NACL_Modified_Events: AWS events that indicate a network ACL change has been made

  • AWS_Policy_Change_Events: AWS events that indicate a policy change has been made

  • AWS_Route_Modified_Events: AWS events that indicate an EC2 route has been modified

  • AWS_Security_Configuration_Events: AWS events indicating that a security configuration change has been made

  • AWS_Security_Group_Modified_Events: AWS events indicating that an EC2 security group has been modified

  • AWS_VPC_Modified_Events: AWS events that indicate a VPC has been modified

Event Interruption

  • EventSender_WatchList: Event senders that should be monitored for interruptions

  • EventSource_WatchList: Event sources that should be monitored for interruptions

  • EventSender_WatchList_Daily:

  • EventSource_WatchList_Daily:

Office365

  • O365_Administrative_Operations:

‚Äč