Event handlers updated to detect risky access over SSL and SSH
Default event handlers have been updated to detect risky access over SSL and SSH and to generate security events.
- Predefined event handlers are updated in the Event Handler List to include Default-Risky-Destination-Detection-By-Endpoint and Default-Risky-Destination-Detection-By-Threat.
- The following is an example of the updated Default-Risky-Destination-Detection-By-Endpoint handler for SSL and SSH logs.
- The following is an example of the updated Default-Risky-Destination-Detection-By-Threat handler for SSL and SSH logs.
- The following is an example of events triggered by SSL and SSH logs from Default-Risky-Destination-Detection-By-Threat/By-Endpoint handlers.