ObserveIT's Insider Threat Library
Insider Threat Intelligence
ITM On-Prem (ObserveIT) provides an extensive library of out-of-the-box detection scenarios that Business users and Administrators can use to detect insider threats on Windows, Mac, and Unix/Linux systems.
The ITM On-Prem (ObserveIT) Analytics Library Package contains over 300 rules that cover the most common scenarios of risky user activities that might generate alerts. These rules have built-in policy notifications that are designed to increase the security awareness of users, and reduce overall company risk.
To help you use the Alert Rules, ITM On-Prem (ObserveIT) has determined which Alert Rules (Windows/Mac) bring the highest value to customers. These “top” 60 Alert Rules for Windows/Mac are now active by default. All other Windows/Mac rules are deactivated by default.
ObserveIT’s Library of alert rule scenarios is grouped according to security Categories to help navigation and facilitate operation and maintenance. Rules can also be mapped to types of user groups, such as Privileged Users, Everyday Users, and Remote Vendors, each with a specific risk level.
Each alert rule in the ITM On-Prem (ObserveIT) Insider Threat Library is associated with at least one Category. Categories apply to Windows, Mac, or Unix/Linux systems; some are relevant for all systems.
The Insider Threat Library is maintained by an ITM On-Prem (ObserveIT) Content Manager and released as a ZIP file to customers, providing them with the most up-to-date insider threat scenarios.
On Windows Desktops and Windows Server machines, alert rule scenarios might be relevant to all users or to specific user populations, such as administrators, external vendors, or regular business end users. On Unix and Linux machines, alert rule scenarios apply mainly to administrators and external vendors. Some scenarios are relevant to all users, while others apply to specific user populations. With ObserveIT, you can easily assign each scenario to the relevant group of users. For details, see Implementing Lists in ObserveIT.