ITL Tuning Guide Overview

ITM On-Prem (ObserveIT) Insider Threat Library (ITL) contains ~250 Alert Rules for Windows/Mac (and an additional ~70 Alert Rules for Unix/Linux).

To help you use the Alert Rules, ITM On-Prem (ObserveIT) carefully researched and determined which Alert Rules bring the highest value to customers. These “top” Alert Rules for Windows/Mac are now active by default. All other Windows/Mac rules are deactivated by default.

This guide shows you how to tune the “top” Alert Rules to avoid false positives and includes both basic and advanced tuning instructions.
