Awake Security - Model With Multiple Destinations

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This query searches for devices with multiple possibly malicious destinations.

Attribute	Value
Type	Analytic Rule
Solution	AristaAwakeSecurity
ID	dfa3ec92-bdae-410f-b675-fe1814e4d43e
Severity	Medium
Status	Available
Kind	Scheduled
Required Connectors	CefAma
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
CommonSecurityLog	DeviceProduct == "Awake Security" DeviceVendor == "Arista Networks"	✓	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to AristaAwakeSecurity