Rules
Custom Rules (12)
Suppression Rules (9)
| RULE NAME / DESCRIPTION | SEVERITY | ENABLED | EVENT TYPE | CREATED BY | CREATED ON | LAST UPDATED ON |
|---|---|---|---|---|---|---|
| OT Alert | Medium | True | Generic | Secureworks | 4 days ago | 3 days ago |
| OT Alert | High | True | Generic | Secureworks | 4 days ago | 3 days ago |
| OT Alert | Medium | True | Generic | Secureworks | 4 days ago | 3 days ago |
| OT Alert | Critical | True | Generic | Secureworks | 4 days ago | 3 days ago |
| Custom rule to detect Audit log clearances - Sign of suspicious behavior - CR001 | Critical | True | Auth | Secureworks | a month ago | 3 days ago |
| Linux Alert - LM | Medium | True | Process | Secureworks | 8 months ago | 3 days ago |
| Detecting failed AWS Creation or Authorization of security groups | High | False | Cloudaudit | Secureworks | 4 months ago | 3 days ago |
| Windows eventlog alert | Medium | True | Auth | Secureworks | 7 months ago | 3 days ago |
| Detect Honeypot activity | Critical | True | Auth | Secureworks | 13 days ago | 3 days ago |
| Compliancy Alert | Medium | False | Auth | Secureworks | 8 months ago | 4 days ago |
| Compliancy Alert | High | False | Auth | Secureworks | 3 months ago | 4 days ago |
| Compliancy Alert | High | True | Process | Secureworks | 8 months ago | 4 days ago |
1 - 12 in 12
| RULE NAME / DESCRIPTION | ENABLED | CREATED BY | CREATED ON | LAST UPDATED ON |
|---|---|---|---|---|
| Using regex to see if we get more hits on alert title | True | Secureworks | 3 months ago | 20 hours ago |
| Testing use of wildcard within title. | True | Secureworks | 3 months ago | 3 months ago |
| 200.52.100.7 is our VDR authorized scanner | True | Secureworks | 7 months ago | 7 months ago |
| 172.16.14.250 is our VDR authorized scanner | True | Secureworks | 2 years ago | 8 months ago |
| This is due to an AWS script on the instances. Putting in a suppression rule since it's authorized. - FF JIRA LS-13 | True | Secureworks | 8 months ago | 8 months ago |
| This is due to an AWS script on the instances. Putting in a suppression rule since it's authorized. - FF JIRA LS-13 | True | Secureworks | 8 months ago | 8 months ago |
| Over time I have noticed more and more activity in SMITH in regards to AWS Cloud Watchlists. Majority of these alerts come from the Lab Team, Cloud Eng, and other internal teams for administrating and monitoring of our AWS PreSales cloud environment. Since these are not part of any demos I'm suppressing them - FF 03/08/22 | True | Secureworks | a year ago | a year ago |
| This username is used to perform authorized scanning. | True | Secureworks | 2 years ago | a year ago |
| Suppressing the user 'watchdog' from cloud audit alerts | True | Secureworks | 2 years ago | 2 years ago |
1 - 9 in 9