What is an Event Set?

In ConnectSecure, Event Sets are the predefined events that can trigger alerts in the supported integrations. They are organized by category and can be enabled with a simple checkbox.

Event Sets are hard-coded and cannot be modified or removed from the system.



Event Set - Details

You will find Event Sets under each of the Integration tiles.

Event Sets are available for each integrator; not all are shown below.

Events by Category

Event Set categories include:

System Changes, Problems, Solutions, Azure AD Audit, Azure AD Error, and AD Audit.

Below is a breakdown of each category and the available 'events' you can monitor for each.


System Changes

  • New Company Created

  • New Asset Added

  • New Open Port Discovered (Probe Scan)

  • New Open Port Discovered (External Scan)

Problems

  • CISA Vulnerabilities Found

  • Critical Severity Vulnerabilities Found

  • High Severity Vulnerabilities Found

  • Remote Login Vulnerabilities Found

  • SMB Vulnerabilities Found

  • SSL/TLS Vulnerabilities Found

  • Vulnerabilities Found During External Scan

  • Vulnerabilities Found With EPSS Score > 95

Solutions

  • Remediation Available

  • Remediation Found with EPSS >=0.95

  • Remediation Found With EPSS between 0.85 and 0.9

  • Remediation Found with EPSS between 0 and 0.85

  • Application Baseline Plans Available

Azure AD Audit

  • A member was added to a security-disabled universal group

  • A member was added to a security-enabled universal group (AzureAD)

  • A member was removed from a security-disabled universal group (AzureAD)

  • A member was removed from a security-enabled universal group (AzureAD)

Azure AD Error

  • Azure AD Sync Failure

  • Azure Token Expired Error

AD Audit

  • A directory service object was created (Success)

  • A directory service object was deleted (Success)

  • A directory service object was moved (Success)

  • A group service object was modified (Success)

  • A logon was attempted using explicit credentials (Success)

  • A member was added to a security-disabled global group

  • A member was added to a security-disabled local group

  • A member was added to a security-disabled universal group

  • A member was added to a security-enabled global group

  • A member was added to a security-enabled local group

  • A member was added to a security-enabled universal group

  • A member was removed from a security-disabled global group

  • A member was removed from a security-disabled local group

  • A member was removed from a security-disabled universal group

  • A member was removed from a security-enabled global group

  • A member was removed from a security-enabled local group

  • A member was removed from a security-enabled universal group

  • A network share object was accessed

  • A request was made to authenticate to a wired network (Success/Failure)

  • A request was made to authenticate to a wireless network (Success/Failure)

  • A risky sign-in attempt made (Success)

  • A security-disabled global group was created

  • A security-disabled global group was deleted

  • A security-disabled local group was created

  • A security-disabled local group was deleted

  • A security-disabled universal group was created

  • A security-disabled universal group was deleted

  • A security-enabled global group was created

  • A security-enabled global group was deleted

  • A security-enabled local group was created

  • A security-enabled local group was deleted

  • A security-enabled universal group was changed

  • A security-enabled universal group was created

  • A security-enabled universal group was deleted

  • A session was disconnected from a Windows Station (Success)

  • A session was reconnected to a Windows Station (Success)

  • A user Account was created

  • A user Account was deleted

  • A user Account was disabled

  • A user account was enabled

  • A user account was locked out

  • A user account was unlocked

  • A user-initiated logoff (Success)

  • An attempt was made to change an Account's password

  • An attempt was made to create a hard link

  • An attempt was made to reset an Account's password

  • Computer Account was created

  • Computer Account was deleted

  • Login Failure

  • Login Success

  • System security access was granted to an Account (Success)

  • The domain controller failed to validate the credentials for an Account

  • The name of an Account was changed

  • The requested credentials delegation was disallowed by policy (Failed)

  • The workstation was locked (Success)

  • The workstation was unlocked (Success)


Events Group By Options

When creating an Event Set alert using one of the options above, you can set the ‘Group By’ field to organize the alerts into groups instead of individual alerts. Each category has its own ‘Group By’ options, as shown in the table below.

| Event Set Category | Group By Options |
|---|---|
| System Changes | ASSET, COMPANY |
| Problems | OS, PRODUCT, ASSET, COMPANY |
| Solutions | PRODUCT, ASSET, COMPANY, FIX, ASSET AND PRODUCT |
| Azure AD Audit | EVENT, COMPANY |
| Azure AD Error | COMPANY |
| AD Audit | EVENT, COMPANY, USER |


Need Support?

Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.

https://cybercns.freshdesk.com/en/support/login
