SureLog SIEM User Behavior Monitoring Rules - New Account Use Detected
Monitoring user behaviors with SureLog SIEM is easy and manageable.
As a rule development sample, we want to be alerted when a new account is used.
SureLog collects created users and active users continuously from many log sources such as servers, endpoints, firewalls, switches and routers. After seven days of collection, the “New Account Use Detected” rule is enabled.
We will implement this rule with SureLog SIEM. The order of the rules (steps) is important and is managed by the “Rule Priority” parameter in SureLog.
Step 1. Create a list and update this list with active users.
In this first step, we limit this rule to seven days using the Start & Expire Time fields in the rule editor GUI.
Step 2. Check new login events against the collected list
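The two steps above, as an added Python example that is not SureLog's own rule language or code: a seven-day learning window builds the known-account list, and afterwards a login by an account outside that list raises an alert. The events are constructed sample records, not real log data.

```python
from datetime import datetime, timedelta

# Constructed sample events (not SureLog data): (timestamp, source, user, event)
EVENTS = [
    ("2024-01-01T08:00:00", "dc01", "alice", "login"),
    ("2024-01-02T09:15:00", "fw01", "bob", "login"),
    ("2024-01-03T10:00:00", "dc01", "svc_backup", "user_created"),
    ("2024-01-09T07:30:00", "dc01", "alice", "login"),
    ("2024-01-09T11:45:00", "vpn01", "mallory", "login"),
    ("2024-01-10T12:00:00", "dc01", "svc_backup", "login"),
]

LEARNING_PERIOD = timedelta(days=7)  # the Start/Expire window of step 1

def parse_ts(s):
    return datetime.fromisoformat(s)

def build_known_accounts(events, start, period):
    """Step 1: collect every account seen (created or logging in) during the learning window.
    Returns the set of known users and the time at which step 2 becomes active."""
    end = start + period
    known = set()
    for ts, _src, user, _ev in events:
        if start <= parse_ts(ts) < end:
            known.add(user)
    return known, end

def detect_new_account_use(events, known, active_from):
    """Step 2: once the rule is active, alert on logins by accounts outside the known list.
    A newly seen account is added to the list so only its first use alerts."""
    alerts = []
    seen = set(known)
    for ts, src, user, ev in sorted(events, key=lambda e: e[0]):
        if parse_ts(ts) < active_from or ev != "login":
            continue
        if user not in seen:
            alerts.append({"time": ts, "source": src, "user": user})
            seen.add(user)
    return alerts

def run(events=EVENTS, start="2024-01-01T00:00:00"):
    known, active_from = build_known_accounts(events, parse_ts(start), LEARNING_PERIOD)
    return known, detect_new_account_use(events, known, active_from)

if __name__ == "__main__":
    known, alerts = run()
    print("known accounts:", sorted(known))
    for a in alerts:
        print("ALERT New Account Use Detected:", a)
```

With the sample data, only the login by `mallory` from `vpn01` on day 9 alerts; `svc_backup` was created inside the learning window, so its later login is treated as known.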