docs/cse/match-lists-suppressed-lists/standard-match-lists.md
3 additions & 3 deletions
@@ -548,7 +548,7 @@ The following Cloud SIEM rules refer to this match list:
548
548
549
549
**Target column:** Username (`Username`)
550
550
551
-
**Description:**Unrecognized Docker container images that may indicate an attempt to bypass security controls on existing images or escalate privileges.
551
+
**Description:** Known approved Docker images that act as a whitelist. If an image is identified that is not on this list, further investigation is warranted. If approved images are identified they should be added to this list.
552
552
553
553
The following Cloud SIEM rules refer to this match list:
554
554
* Unrecognized Container Image
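Review bot: The unchanged context line directly above the new description still reads "**Target column:** Username (`Username`)", which does not fit a list whose entries are approved Docker images. This same commit corrects a Username target column for OneLogin_Untrusted_Location, so please confirm the target column for this list and fix it here if it was copied from another entry. Because the new text inverts the list's meaning (entries are now approved images, and the "Unrecognized Container Image" rule fires on images that are absent), it would help to say which image value an entry should contain so that approved images are entered in a form the rule can match. Two wording points on the added line: consider "allowlist" in place of "whitelist", and add a comma after "If approved images are identified".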
@@ -621,9 +621,9 @@ The following Cloud SIEM rules refer to this match list:
621
621
622
622
### OneLogin_Untrusted_Location
623
623
624
-
**Target column:**Username (`Username`)
624
+
**Target column:**IP Address (`Ip`)
625
625
626
-
**Description:**Users that are known to be involved with specific administrative or privileged activity.
626
+
**Description:**Locations that are known to be untrusted.
627
627
628
628
The following Cloud SIEM rules refer to this match list:
629
629
* OneLogin - API Credentials - Key Used from Untrusted Location
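Review bot: The new description, "Locations that are known to be untrusted.", is vague next to the new target column "IP Address (`Ip`)": a reader populating the list cannot tell that entries are IP addresses rather than country or city names. Suggest wording along the lines of "IP addresses of locations that are known to be untrusted." Also, both added lines have no space after the bold label ("**Target column:**IP Address", "**Description:**Locations"), while the description added in the first hunk does have one; since these lines are being touched anyway, add the space so the entries render consistently.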