
Default Lists

The Default Lists application contains lists shipped as a vendor package.

Release Details
Version: 5.0.0
Release date: 2021-08-26
Document date: 2021-08-26
Supported On: LogPoint v6.6.0 and later
SHA 256: 8d117d1f32c7fd7b97eecf5bde0d307ac9ecda1e1bf6345a18e7fc66ed1501ca
Download

Package Details

The application contains:

  1. KB List
    • ABNORMAL_FILES
    • ADMIN_GROUPS
    • ADMIN_SOURCES
    • ADMINS
    • ALERT_BAD_IP
    • ALERT_IRC_PORT
    • ALERT_MAIL_SERVER
    • ALERT_OPEN_PORTS
    • ALERT_PRESENT_EMPLOYEES
    • ALERT_UNUSUAL_SOURCE
    • ALLOWED_PORTS
    • ALLOWED_PROGRAMS
    • ANTI_MALWARE_SYSTEMS
    • APPLICATION_SHIM_OBJECTS
    • ATTACK_COMMANDS
    • BAD_RABBIT_FILE
    • BAD_RABBIT_HASH
    • BLACKENERGY3
    • BLACKLIST_IPS
    • BLACKLISTED_DOMAIN
    • BLACKLISTED_IP
    • BLACKLISTED_PORTS
    • BLOCKED_APPLICATION
    • C2C_SOURCES
    • CARD_HOLDER_DATA
    • CLOP_C2_DOMAINS
    • CLOP_DOMAINS
    • CLOP_HASHES
    • CLOP_RANSOMWARE_EMAILS
    • CLOP_RANSOMWARE_HASHES
    • CLOUD_APP
    • CLOUD_APPLICATION_IP
    • CLOUD_APPLICATIONS
    • COMMON_PORTS
    • CONCERNED_CONTENT
    • CRIMINAL_CONTENT
    • CRITICAL_DIR
    • CRITICAL_FILE
    • CRITICAL_FILES
    • CRITICAL_FOLDER
    • CRITICAL_HOSTS
    • CRITICAL_SYSTEMS
    • DARKADDRESS
    • DASHBOARD_VALIDATE_LIST
    • DATABASE_ACTIONS
    • DATABASE_ADMINS
    • DATABASE_SOURCE
    • DATABASE_SYSTEMS
    • DATASERVERS
    • DEFAULT_PARAMETERS
    • DEFAULT_USERS
    • DMZ
    • DOMAIN
    • DOPPELPAYMENR_RANSOMWARE_DOMAINS
    • DOPPELPAYMER_RANSOMWARE_CVE
    • DOPPELPAYMER_RANSOMWARE_HASHES
    • DRAGONFLY_CNC_REQUEST
    • DRAGONFLY_DIGEST
    • DRAGONFLY_MALICIOUS_FILES
    • DRAGONFLY_MALICIOUS_FOLDER
    • DRAGONFLY_MALICIOUS_REGISTRY
    • DYNAMIC_CATEGORIES
    • EXCLUDED_USERS
    • EXECUTABLES
    • EXTREMIST_CONTENT
    • FACEBOOK
    • FILE_EXTENSIONS
    • FILE_SHARING_APPLICATIONS
    • FIREWALL_SYSTEMS
    • HIDDEN_COBRA_CVE
    • HIDDEN_COBRA_EMAIL
    • HIDDEN_COBRA_FILE
    • HIDDEN_COBRA_FILES
    • HIDDEN_COBRA_HASH
    • HIDDEN_COBRA_IP
    • HIDDEN_COBRA_IPS
    • HIGH_ALERT_MACHINES
    • HIGH_IMPACT_ASSETS
    • HOME_DIR
    • HOME_DOMAIN
    • HOME_FOLDER
    • HOMENET
    • HTTP_ERROR
    • IMP_FILE
    • INACTIVE_USERS
    • INJECTION_CHARACTER
    • IRC_PORTS
    • KASPERSKY_UPDATE_FAILURES
    • KNOWN_APPLICATIONS
    • KNOWN_COUNTRY
    • KNOWN_DOMAINS
    • KNOWN_FILE
    • KNOWN_SERVER_HOST
    • LOGPOINT_GROUPS
    • MAIL_SERVER_IP
    • MAIL_SERVERS
    • MALICIOUS_POWERSHELL_COMMANDLET_NAMES
    • MALICIOUS_POWERSHELL_COMMANDS
    • MALWARE
    • MALWARE_DOMAINS
    • MALWARE_EMAILS
    • MALWARE_FILES
    • MALWARE_HASH
    • MALWARE_IP
    • MALWARE_URL
    • MANAGERS
    • MATRIX_FILE
    • MOBILE_USER_AGENTS
    • MSSQL2008_ACCOUNT_MGMT
    • NETWORK_SYSTEMS
    • PETYA_COMMAND
    • POLICY_URLS
    • PRIVILEGE_GROUP
    • PRIVILEGED_USER
    • RISK_COUNTRIES
    • SECURITY_DEVICES
    • SERVER_ADDRESS
    • SQL_INJECTION_CHARACTERS
    • STATIC_CATEGORIES
    • SUSPICIOUS_NTP_SOURCES
    • SUSPICIOUS_USER
    • SYSLOG_SOURCE
    • TROJAN_KARAGANY
    • UNAPPROVED_PORT
    • UNENCRYPTED_PROTOCOLS
    • VULNERABLE_CONTENT
    • VULNERABLE_HOST
    • VULNERABLE_IP
    • VULNERABLE_WORKSTATIONS
    • WANNACRY_DOMAIN
    • WANNACRY_EXTENSION
    • WEBSERVER_SYSTEMS
    • WIN_PROCESS_EVENT_ID
    • WINADMINS
    • WINDOWS_DC
    • XSS_TAG
    • YOUTUBE

Functional Description

The lists are intended to be used in coordination with the queries in dashboards, reports, and alerts.

Installation

Download the Default Lists package from the Download section above.

 

Support

If you have any queries or require assistance, please feel free to contact our support team:

Email: servicedesk@logpoint.com

Phone: +45 7060 6100

Best regards,
