Monitoring user behaviors with SureLog SIEM is easy and manageable.
Examples of such rules:
- Monitor multiple VPN accounts logged in from a single IP.
- Monitor when a VPN account logs in to a machine and that machine then sends a request to a DB that holds PI data.
- Monitor logins by terminated employees.
- Alert when a user is still logged on but someone else logs on with a different IP using the same username to any machine.
As a development sample:
We want to get an alert "when a user is still logged on but someone else logs on with a different IP using the same username to any machine".
We will implement this rule with SureLog SIEM. The order of the rules (steps) is important and is managed by SureLog's "Rule Priority" parameter.
Step 1: Create a rule that alerts when a user is still logged on but someone else logs on with a different IP using the same username.
There are special operators for list management in SureLog, such as "Key in List With Different Data".
Step 2: Add USER:DSTIP:SRCIP (key1, key2, value) to the list if USER:DSTIP:SRCIP is not already in the list.
Step 3: Remove the user from the list when the user logs off.
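The three steps above as an added Python illustration written for this page (it is not SureLog rule syntax or code from the SureLog project): the USER:DSTIP:SRCIP list is kept as a dictionary, and constructed login/logoff events are replayed through the steps in priority order.

```python
# Added illustration for this page, not SureLog rule syntax: the three rule
# steps replayed over constructed events, in priority order (Step 1 first).
# State mirrors the page's list: key (USER, DSTIP) -> value SRCIP.

SAMPLE_EVENTS = [  # constructed sample events, not real log data
    {"user": "jdoe", "srcip": "10.0.0.5", "dstip": "10.1.1.20", "action": "login"},
    {"user": "jdoe", "srcip": "10.0.0.5", "dstip": "10.1.1.20", "action": "login"},
    {"user": "jdoe", "srcip": "198.51.100.7", "dstip": "10.1.1.20", "action": "login"},
    {"user": "jdoe", "srcip": "10.0.0.5", "dstip": "10.1.1.20", "action": "logoff"},
    {"user": "jdoe", "srcip": "198.51.100.7", "dstip": "10.1.1.20", "action": "login"},
]


def evaluate(events):
    """Apply the three steps to each event; return (alerts, final list state)."""
    active = {}  # the USER:DSTIP:SRCIP list: (user, dstip) -> srcip
    alerts = []
    for ev in events:
        key = (ev["user"], ev["dstip"])
        if ev["action"] == "login":
            # Step 1 (highest priority): "Key in List With Different Data" ->
            # the user is still logged on and a login from another IP arrives.
            if key in active and active[key] != ev["srcip"]:
                alerts.append({
                    "user": ev["user"],
                    "dstip": ev["dstip"],
                    "existing_srcip": active[key],
                    "new_srcip": ev["srcip"],
                })
            # Step 2: add the entry only if the key is not in the list yet.
            # If Step 2 ran first and were allowed to overwrite the stored IP,
            # Step 1 could never fire; that is what the Rule Priority order
            # prevents.
            elif key not in active:
                active[key] = ev["srcip"]
        elif ev["action"] == "logoff":
            # Step 3: drop the user's entry on logoff so the next login from
            # any IP starts a fresh session instead of raising an alert.
            active.pop(key, None)
    return alerts, active


if __name__ == "__main__":
    found, state = evaluate(SAMPLE_EVENTS)
    for a in found:
        print(f"ALERT {a['user']}@{a['dstip']}: logged on from "
              f"{a['existing_srcip']}, new login from {a['new_srcip']}")
    print("remaining sessions:", state)
```

Replaying the constructed events yields exactly one alert (the third login, from 198.51.100.7 while 10.0.0.5 is still logged on); the re-login from the same IP and the login after the logoff raise nothing.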
The content has been sourced from