High severity malicious activity detected

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

Identifies high severity malicious activity in Azure Firewall IDPS logs.

Attribute	Value
Type	Analytic Rule
Solution	Azure Firewall
ID	`504257c1-81e2-4609-8d40-b395e62f11c7`
Severity	High
Status	Available
Kind	Scheduled
Tactics	InitialAccess, Exfiltration, CredentialAccess, CommandAndControl, Execution
Techniques	T1190, T1041, T1003, T1204
Required Connectors	AzureFirewall
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
`AZFWIdpsSignature`	✓	✗	?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Azure Firewall