Medium severity malicious activity detected

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

Identifies medium severity malicious activity in Azure Firewall IDPS logs.

Attribute Value
Type Analytic Rule
Solution Azure Firewall
ID dfbe3963-42fb-4ebe-a00c-1cc44e2aa9f0
Severity Medium
Status Available
Kind Scheduled
Tactics InitialAccess, Execution, DefenseEvasion, Impact
Techniques T1496, T1204, T1036
Required Connectors AzureFirewall
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
AZFWIdpsSignature ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Analytic Rules · Back to Azure Firewall