You need guidance on SSIM Windows Security Violation Rules
SSIM Windows Security Violation Rules.
The SSIM Windows Security Violation Rule is a predefined rule that is triggered based on a Single Event: it creates a conclusion if an event matches the specified criteria. This rule type requires the Tracking field to be populated. The rule is disabled by default and is based on Windows event logs.
The SSIM Manager contains a list of predefined security events that are identified as the most common security threats. This list is updated automatically through DeepSight and through LiveUpdate. To see the list of SSIM predefined Windows Security Violation events, follow the steps below:
Open the SSIM client -> Rules -> Lookup Tables -> System Lookup Tables -> Windows events
The full list of Windows security events can be found at the following link:
Security Event Descriptions