What is an Event Set?
In ConnectSecure, Event Sets are the predefined events that can trigger alerts in the supported integrations. They are organized into categories, and each can be enabled with a simple checkbox.
Event Sets are hard-coded and cannot be modified or removed from the system.
Event Set - Details
You will find Event Sets under each of the Integration tiles.
Event Sets are available for each integrator; not all are shown below.
Events by Category
Event Set categories include:
System Changes, Problems, Solutions, Azure AD Audit, Azure AD Error, and AD Audit.
Below is a breakdown of each category and the available 'events' you can monitor for each.
System Changes
New Company Created
New Asset Added
New Open Port Discovered (Probe Scan)
New Open Port Discovered (External Scan)
Problems
CISA Vulnerabilities Found
Critical Severity Vulnerabilities Found
High Severity Vulnerabilities Found
Remote Login Vulnerabilities Found
SMB Vulnerabilities Found
SSL/TLS Vulnerabilities Found
Vulnerabilities Found During External Scan
Vulnerabilities Found With EPSS Score > 95
Solutions
Remediation Available
Remediation Found with EPSS >=0.95
Remediation Found With EPSS between 0.85 and 0.9
Remediation Found with EPSS between 0 and 0.85
Application Baseline Plans Available
Azure AD Audit
A member was added to a security-disabled universal group
A member was added to a security-enabled universal group (AzureAD)
A member was removed from a security-disabled universal group (AzureAD)
A member was removed from a security-enabled universal group (AzureAD)
Azure AD Error
Azure AD Sync Failure
Azure Token Expired Error
AD Audit
A directory service object was created (Success)
A directory service object was deleted (Success)
A directory service object was moved (Success)
A group service object was modified (Success)
A logon was attempted using explicit credentials (Success)
A member was added to a security-disabled global group
A member was added to a security-disabled local group
A member was added to a security-disabled universal group
A member was added to a security-enabled global group
A member was added to a security-enabled local group
A member was added to a security-enabled universal group
A member was removed from a security-disabled global group
A member was removed from a security-disabled local group
A member was removed from a security-disabled universal group
A member was removed from a security-enabled global group
A member was removed from a security-enabled local group
A member was removed from a security-enabled universal group
A network share object was accessed
A request was made to authenticate to a wired network (Success/Failure)
A request was made to authenticate to a wireless network (Success/Failure)
A risky sign-in attempt made (Success)
A security-disabled global group was created
A security-disabled global group was deleted
A security-disabled local group was created
A security-disabled local group was deleted
A security-disabled universal group was created
A security-disabled universal group was deleted
A security-enabled global group was created
A security-enabled global group was deleted
A security-enabled local group was created
A security-enabled local group was deleted
A security-enabled universal group was changed
A security-enabled universal group was created
A security-enabled universal group was deleted
A session was disconnected from a Windows Station (Success)
A session was reconnected to a Windows Station (Success)
A user Account was created
A user Account was deleted
A user Account was disabled
A user account was enabled
A user account was locked out
A user account was unlocked
A user-initiated logoff (Success)
An attempt was made to change an Account's password
An attempt was made to create a hard link
An attempt was made to reset an Account's password
Computer Account was created
Computer Account was deleted
Login Failure
Login Success
System security access was granted to an Account (Success)
The domain controller failed to validate the credentials for an Account
The name of an Account was changed
The requested credentials delegation was disallowed by policy (Failed)
The workstation was locked (Success)
The workstation was unlocked (Success)
Events Group By Options
When creating an Event Set alert using one of the options above, you can set the ‘Group By’ field to organize the alerts into groups instead of individual alerts. Each category has its own ‘Group By’ options, as shown in the table below.
Event Set Category | Group By Options |
---|---|
System Changes | ASSET, COMPANY |
Problems | OS, PRODUCT, ASSET, COMPANY |
Solutions | PRODUCT, ASSET, COMPANY, FIX, ASSET AND PRODUCT |
Azure AD Audit | EVENT, COMPANY |
Azure AD Error | COMPANY |
AD Audit | EVENT, COMPANY, USER |
Need Support?
Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.
https://cybercns.freshdesk.com/en/support/login