ITarian Help

SOCaaP

Version 2.2


Manage Multiple Column List Content

 

The values of a multiple column list (MCL) can be populated in two ways:

  • Manually added to the list
  • Fed from a correlation rule. See List Mappings in Manage Correlation Rules

This section explains how to manually add values to lists and manage existing values. The 'Multiple Column List Content Management' interface lets you view values under more than one column.


For example:

  • To check for source IPs that are programmed to attack a list of target IPs, create an MCL list with these 2 lists as its 2 columns. You can then manage the list from the 'Multiple Column List Content Management' interface by adding, updating or deleting IPs.

    OR

  • To check for incidents that originate from assets belonging to specific departments, create an MCL list by adding columns for the assets of each department.

To open the 'Multiple Column List Content Management' interface:

  • Select an MCL list from the 'Live List Management' interface and then click 'Show'.



The content management list will open:



 

Multiple Column List Content Table - Column Descriptions

  • agent_id: Agent id of the log collector.
  • th_handled: Status of the threat handled.
  • base_score: Score that indicates the severity of the incident.
  • prod_name: Name of the product.
  • Lists: Name of the list that contains the values. In this case, the values belong to MCL lists.
  • Type: Values are specified based on content classification. For example, if you want to enter field values like 'agent_ip', then you can enter the content as 'IP address'.
  • Customer: The customer for whom the live lists are created.
  • Due Date: Date and time until which the value is valid. After the due date, the value will be automatically removed from the list.
  • Last Update Time: Date and time the live list was last updated.


Sorting and Filtering Options:

  • Click on any table header to sort items in alphabetical/ascending/descending order.
  • To filter values for a specific customer, choose the customer from the 'Customer' drop-down and click 'Search'.
  • To view values that belong to a specific live list, choose the list from the 'List' drop-down and click 'Search'.
  • To view values that belong to a specific live list type, select the list from the 'List' drop-down, then choose the type from the 'Type' drop-down and click 'Search'.

The interface allows you to:

  • Manually add values to MCL lists
  • Edit existing values in an MCL list
  • Remove values from an MCL list

To manually add a value to an MCL list

  • Click the 'Add' button at the bottom right of the 'Multiple Column List Content Management' interface.

The 'List Content Add' dialog will appear.



  • Select the MCL list and the list type to which the value is to be added from the respective drop-downs under the 'List Management' interface. See 'Create the Multiple Column Lists' in 'Managing Live Lists' for details about creating new range lists.
  • Enter the values for the fields defined for the MCL list in the 'agent_id', 'th_handled', 'base_score' and 'prod_name' fields.
  • Enter the date till which the value is valid in the 'Due Date' field.
  • You can click the calendar icon at the left of the field and choose the date. On the specified date, the value will be automatically removed from the list.
  • If you want the value to be permanently valid, select the 'Permanent' option.
  • Select the customer to which the value is applicable from the 'Customer' drop-down.
  • Click 'Submit'.

The value will be added to the selected list type.

  • Repeat the process for adding more values to the list.
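The following added example is a conceptual model of how a two-column MCL with due dates behaves when events are checked against it. It is not ITarian code. The column names 'src_ip' and 'dst_ip', the customer names, row-wise matching and removal at the moment the due date is reached are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class Row:
    values: dict               # column name -> value
    customer: str
    due: Optional[datetime]    # None models the 'Permanent' option

class MultiColumnList:
    """Conceptual model of an MCL (assumed semantics, not SOCaaP code)."""
    def __init__(self, columns):
        self.columns = tuple(columns)
        self.rows = []

    def add(self, values, customer, due=None):
        if set(values) != set(self.columns):
            raise ValueError(f"row must supply exactly {self.columns}")
        self.rows.append(Row(dict(values), customer, due))

    def purge_expired(self, now):
        """Remove rows whose due date has been reached; return the count."""
        before = len(self.rows)
        self.rows = [r for r in self.rows if r.due is None or r.due > now]
        return before - len(self.rows)

    def matches(self, event, customer, now):
        """True if one live row of this customer equals the event on every column."""
        self.purge_expired(now)
        return any(r.customer == customer
                   and all(event.get(c) == r.values[c] for c in self.columns)
                   for r in self.rows)

def demo():
    # Constructed sample data: documentation-range IPs, hypothetical customers.
    mcl = MultiColumnList(["src_ip", "dst_ip"])
    mcl.add({"src_ip": "203.0.113.7", "dst_ip": "10.0.0.5"}, "acme", datetime(2025, 1, 10))
    mcl.add({"src_ip": "198.51.100.9", "dst_ip": "10.0.0.8"}, "acme")  # permanent
    day9, day11 = datetime(2025, 1, 9), datetime(2025, 1, 11)
    checks = [
        ({"src_ip": "203.0.113.7", "dst_ip": "10.0.0.5"}, "acme", day9),     # same row
        ({"src_ip": "203.0.113.7", "dst_ip": "10.0.0.8"}, "acme", day9),     # mixed rows
        ({"src_ip": "198.51.100.9", "dst_ip": "10.0.0.8"}, "globex", day9),  # other customer
        ({"src_ip": "203.0.113.7", "dst_ip": "10.0.0.5"}, "acme", day11),    # past due date
        ({"src_ip": "198.51.100.9", "dst_ip": "10.0.0.8"}, "acme", day11),   # permanent
    ]
    return [mcl.matches(event, customer, now) for event, customer, now in checks]
```

In this model only the first and last checks match: a value pair split across two rows, a value owned by another customer, and a value past its due date do not.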

To edit a value in an MCL list 

  • Click the hamburger icon > 'Live Lists'.
  • Select an MCL list from the 'Live List' interface and click 'Show' at the bottom right. The 'Multiple Column List Contents Management' interface will open.
  • Choose 'Customer' and 'Type' from their respective drop downs.
  • Click 'Search' to view the values added to the list. 
  • Select the required list from the 'List Contents' section and click . The 'List Content Edit' dialog will open.


  • Modify the required details and click 'Submit'.

The dialog is similar to the 'List Content Add' dialog described above.

The value will be edited and will take immediate effect on the event queries and correlation rules in which the IP range list is used.

To remove a value from an MCL list

  • Click the hamburger icon > 'Live Lists'
  • Select an MCL list from the 'Live List' interface and click 'Show' at the bottom right. The 'Multiple Column List Contents Management' interface will open.
  • Choose 'Customer' and 'Type' from their respective drop downs and click 'Search'. The values added to the required MCL list/type will be listed.
  • Select the required list from the 'List Contents' section and click  .  The 'List Content Edit' dialog will open.
A confirmation dialog will open.



  • Click 'Yes' to confirm the removal.

The value will be removed from the list. The change will take effect immediately on event queries and correlation rules which use the list.


Please note that you cannot create more than 3 MCL lists in the 'Live List Management' interface.

Copyright 2025 Itarian