Comodo Help
Find the desired product help
Xcitium NxSIEM

Xcitium NxSIEM

Admin Guide 1.4

English

Print Help Download Help
Live Lists
  • Introduction To Comodo NxSIEM
    • Logging-in To The Administrative Console
  • The Main Interface
  • The Dashboard
  • Customer Asset Management
    • Adding Customers
    • Adding Assets For Monitoring
      • Hard Assets
      • Soft Assets
    • Downloading And Installing The NxSIEM Agent On Endpoints
    • Configuring Nxlog And Rsyslog Servers To Send Logs To NxSIEM Server
    • Editing Customers
  • Log Collection Agents And Policies
    • Collection Agents
      • Downloading NxSIEM Windows And Linux Agents
      • Managing Agents
      • Agentless Log Collection
    • Log Collection Policies
      • Audit Events Policy
      • Flat File Policy
      • Remote Log Collection Policy
      • Syslog Policy
      • Configuring Log Collection Policies
  • Query Management
    • Configuring Event Queries
    • Configuring Custom Dashboards
  • Managing Rules
  • Incidents And Cases
    • Managing Incidents
    • Managing Cases
  • Live Lists
    • Managing Live Lists
    • Managing Live List Content
  • Managing Reports
  • Administration
    • Viewing Log Collection Summaries
    • Managing Users
    • Viewing License And Subscription Details And Configuring NxSIEM Platform URL
  • Appendix 1 – Field Groups And Event Items Description
  • Appendix 2 - Configuring Endpoints To Forward Logs To NxSIEM Server
  • About Comodo Security Solutions

Live Lists


Live Lists allows administrators to create and manage lists of defined values for fields which can be used as parameters in event queries and correlation rules. For example, a list can be created with the IP addresses of malicious domains which could be used for the 'Destination Translated IP' (dst_tr_ip) field of a query designed to identify events involving access to malware domains.


Any updates to a live list are dynamically reflected in all queries and rules in which it is used.

Live lists are created by first specifying the event field then populating it with values. Values can be populated in two ways:
  • Values can be manually entered
  • Correlation rules can be configured to feed values from events to a live list
Each Live List can be defined with several list types, each type containing a set of values. For example, you can create a Live List called 'IP Blacklist' which contains two types, 'Internal' (IP addresses of infected internal hosts) and 'External' (IP addresses of external malware hosts). These two lists can be used separately if required.

To open the 'Live List' interface, click the menu button at top right and choose 'Lists':





Refer to the following sections for more details:

  • Managing Live Lists
  • Managing Live List Content

Our Products
  • Free Antivirus
  • Free Internet Security
  • Website Malware Removal
  • Free Anti-Malware
  • Anti-Spam (Free Trial)
  • Windows Antivirus
  • Antivirus for Windows 7
  • Antivirus for Windows 8
  • Antivirus for Windows 10
  • Antivirus for MAC
  • Antivirus for Linux
  • Free Endpoint Security
  • Free ModSecurity
  • Free RMM
  • Free Website Malware Scanner
  • Free Device Manager for Android
  • Free Demo
  • Network Security
  • Endpoint Protection
  • Antivirus for Android
  • Comodo Antivirus
  • Wordpress Security
Cheap CDN
  • Bootstrap CDN
  • Semantic UI CDN
  • Jquery CDN
  • CDN Plans
  • CDN
  • Free CDN
Enterprise
  • Patch Management Software
  • Patch Manager
  • Service Desk
  • Website Down
  • Endpoint Protection Solutions
  • Website Security Check
  • Remote Monitoring and Management
  • Website Security
  • Device Manager
  • ITSM
  • CRM
  • MSP
  • Android Device Manager
  • MDR Services
  • Ransomware Prevention
  • Managed IT Support Services
  • Free EDR
Free SSL Certificate
Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2024. All rights reserved.