Password Exfiltration over SCIM application

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This rule detects suspicious sync events that occurred to applications using SCIM for user provisioning.

Attribute	Value
Type	Analytic Rule
Solution	Authomize
ID	2e3c4ad5-8cb3-4b46-88ff-a88367ee7eaa
Severity	High
Status	Available
Kind	Scheduled
Tactics	CredentialAccess, InitialAccess
Techniques	T1555, T1040, T1552
Required Connectors	Authomize
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
Authomize_v2_CL 🔶	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Authomize