Static lists are lists that do not depend on any condition. Companies use them to define their inventories, such as Administrator Users, Branch Networks, NAC Servers, etc. You can use these lists for the exclude and include parameters when creating correlation rules.
A static list lets you fill the list with the values you want to match. When Logsign Unified SecOps Platform detects keys from the list in the logs, you can use these keys for the alert behaviour option.
Description: For the definition, you need to specify a name for the list.
Type: Static
Severity: With this selection, you decide how important the list is for you.
Context: You can tag an object that enters this list as Suspicious, Victim or Attacker for future events.
Tag: In this section, you determine which groups will have the authority to view the list that you are creating.
Match Type: You can select which type of data is stored in the list. The types are:
Static Key: You can add any string value into your list.
Contains Any: You can add any partial string value into your list.
IP – Network: You can add any IP, IP range or network range to your list. (IP Network format tips: 10.0.0.0/255.0.0.0 OR 10.0.0.0/24 OR 10.0.0.1 – 10.0.0.50)
Integer Range: You can add any integer value to your list. (Integer format tips: 100 - 500)
Then use the Save button to save your settings.
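To check entries against the IP – Network format tips above before adding them to a list, the following added example (not Logsign code) parses the three formats and tests whether an address falls inside an entry. The function names, the rejection of networks with host bits set, and the acceptance of both a hyphen and an en dash as range separator are assumptions of this example, not documented platform behaviour.

```python
import ipaddress
import re

# A hyphen or en dash, with optional spaces, separates range bounds.
_RANGE_SEP = re.compile(r"\s*[-\u2013]\s*")

def parse_ip_entry(entry):
    """Return (first, last) IPv4 bounds for one IP - Network list entry."""
    entry = entry.strip()
    if "/" in entry:
        # Handles 10.0.0.0/255.0.0.0 and 10.0.0.0/24. strict=True rejects
        # host bits (assumption: such an entry is a typo worth catching).
        net = ipaddress.IPv4Network(entry, strict=True)
        return net[0], net[-1]
    parts = _RANGE_SEP.split(entry)
    if len(parts) > 2:
        raise ValueError(f"unrecognised entry: {entry!r}")
    first = ipaddress.IPv4Address(parts[0])
    last = ipaddress.IPv4Address(parts[-1])  # same as first for a single IP
    if first > last:
        raise ValueError(f"range start is after range end: {entry!r}")
    return first, last

def invalid_entries(entries):
    """Return (entry, reason) for every entry that fails to parse."""
    bad = []
    for entry in entries:
        try:
            parse_ip_entry(entry)
        except ValueError as exc:
            bad.append((entry, str(exc)))
    return bad

def ip_in_list(value, entries):
    """True if the address falls inside any entry (inclusive bounds)."""
    addr = ipaddress.IPv4Address(value)
    return any(lo <= addr <= hi for lo, hi in map(parse_ip_entry, entries))

# Constructed sample entries; the last two are deliberately malformed.
SAMPLE = [
    "10.0.0.0/255.0.0.0",
    "192.168.1.0/24",
    "172.16.0.1 \u2013 172.16.0.50",
    "192.168.1.5/24",
    "10.0.0.300",
]

if __name__ == "__main__":
    for entry, reason in invalid_entries(SAMPLE):
        print(f"rejected {entry!r}: {reason}")
    print(ip_in_list("172.16.0.25", SAMPLE[:3]))
```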