cWatch Network Admin Guide

Manage Multiple Column List Content

 

The values of a multiple column list (MCL) can be populated in two ways:

  • Manually added to the list
  • Fed from a correlation rule. See List Mappings in Manage Correlation Rules

This section explains how to manually add values to lists and manage existing values. The 'Multiple Column List Content Management' interface lets you view values under more than one column.


For example:

  • To check for a source list of IPs that are programmed to attack a target list of IPs, you can create an MCL list with these two lists as its two columns. You can then manage the list from the 'Multiple Column List Content Management' interface by adding/updating/deleting IPs.

      OR

  • To check for incidents that originate from assets belonging to specific departments, create an MCL list by adding columns for the assets of each department.

To open the 'Multiple Column List Content Management' interface:

  • Select an MCL list from the 'Live List Management' interface and then click 'show'.



    The content management list will open:



     

    Multiple Column List Content Table - Column Descriptions

    | Column Header    | Description |
    |------------------|-------------|
    | agent_id         | Agent id of the log collector. |
    | th_handled       | Status of the threat handled. |
    | base_score       | Score that indicates the severity of the incident. |
    | prod_name        | Name of the product. |
    | Lists            | Name of the list that contains the values. In this case, the values belong to MCL lists. |
    | Type             | Values are specified based on content classification. For example, if you want to enter field values like 'agent_ip', then you can enter the content as 'IP address'. |
    | Customer         | The customer for whom the live lists are created. |
    | Due Date         | Date and time until which the value is valid. After the due date, the value will be automatically removed from the list. |
    | Last Update Time | Date and time the live list was last updated. |


    Sorting and Filtering Options:

    • Click on any table header to sort items in alphabetical/ascending/descending order.
    • To filter values for a specific customer, choose the customer from the 'Customer' drop-down and click 'Search'.
    • To view values that belong to a specific live list, choose the list from the 'List' drop-down and click 'Search'.
    • To view values that belong to a specific live list type, select the list from the 'List' drop-down, then choose the type from the 'Type' drop-down and click 'Search'.

    The interface allows you to:

    • Manually add values to MCL lists
    • Edit existing values in an MCL list
    • Remove values from an MCL list

    To manually add a value to an MCL list

    • Click the 'Add' button at the bottom right of the 'Multiple Column List Content Management' interface.

    The 'List Content Add' dialog will appear.



    • Select the MCL list and the list type to which the value is to be added from the respective drop-downs under the 'List Management' interface. See 'Create the Multiple Column Lists' in 'Managing Live Lists' for details about creating new lists.
    • Enter the values for the fields defined for the MCL list in the 'agent_id', 'th_handled', 'base_score' and 'prod_name' fields.
    • Enter the date till which the value is valid in the 'Due Date' field.
    • You can click the calendar icon at the left of the field and choose the date. On the specified date, the value will be automatically removed from the list.
    • If you want the value to be permanently valid, select the 'Permanent' option.
    • Select the customer to which the value is applicable from the 'Customer' drop-down.
    • Click 'Submit'.

    The value will be added to the selected list type.

    • Repeat the process for adding more values to the list.

    To edit a value in an MCL list 

    • Click the hamburger icon > 'Live Lists'.
    • Select an MCL list from the 'Live List' interface and click 'Show' at the bottom right. The 'Multiple Column List Contents Management' interface will open.
    • Choose 'Customer' and 'Type' from their respective drop downs.
    • Click 'Search' to view the values added to the list. 
    • Select the required list from the 'List Contents' section and click . The 'List Content Edit' dialog will open.


    • Modify the required details and click 'Submit'.

    The dialog is similar to the 'List Content Add' dialog. See the explanation of that dialog above for more details.

    The value will be edited and will take immediate effect on the event queries and correlation rules in which the list is used.

    To remove a value from an MCL list

    • Click the hamburger icon > 'Live Lists'
    • Select an MCL list from the 'Live List' interface and click 'Show' at the bottom right. The 'Multiple Column List Contents Management' interface will open.
    • Choose 'Customer' and 'Type' from their respective drop downs and click 'Search'. The values added to the required MCL list/type will be listed.
    • Select the required list from the 'List Contents' section and click  .  The 'List Content Edit' dialog will open.
    A confirmation dialog will open.



    • Click 'Yes' to confirm the removal.

    The value will be removed from the list. The change will take effect immediately on event queries and correlation rules which use the list.


    Please note that you cannot create more than 3 MCL lists in the 'Live List Management' interface.


    © Comodo Group, Inc. 2025. All rights reserved.