SSIM Windows Security Violation Rule

Article ID: 156833

Updated On:

Products

Security Information Manager

Issue/Introduction

You need guidance on SSIM Windows Security Violation Rules.

Resolution

SSIM Windows Security Violation Rules.
 
The SSIM Windows Security Violation Rule is a predefined rule that is triggered by a single event. It creates a conclusion if an event matches the specified criteria. This rule type requires that the Tracking field be populated. The rule is disabled by default and is based on Windows event logs.
 
The SSIM Manager contains a list of predefined security events that are identified as the most common security threats. This list is updated automatically through DeepSight and through LiveUpdate. To see the list of SSIM predefined Windows Security Violation events, follow the path below:
 
Open the SSIM client -> Rules -> Lookup Tables -> System Lookup Tables -> Windows events
 
The full list of Windows security events can be found at the following link:
 
Security Event Descriptions
 
http://support.microsoft.com/kb/174074