What common log correlation policies are recommended? | Log Manager FAQ

Correlation policies that are frequently configured for Alert Logic® Log Manager™ include:

  • Active Directory Group Added
  • Active Directory Group Modified (Security Enabled)
  • Anti-virus Disabled or Stopped
  • Cisco IOS DHCP Snooping Detected
  • Computer Account Created
  • Database User Access
  • Group Modified (Security Enabled)
  • Successful Login to Restricted Systems
  • Network Device Changes
  • Network Device Failed Logins
  • New Local User Account Created
  • Unix Account Created

For step-by-step instructions on how to create a correlation policy, refer to our Create a correlation policy documentation.
