Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Identifies multiple machines trying to reach out to the same destination blocked by TI in Azure Firewall. This can indicate attack on the organization by the same attack group. Configurable Parameters: - Minimum affected threshold - alert only if more than this number of hosts affected. Default is set to 5. - Recommendation is to use the new resource specific logs. If you are using both, the TiTraffic Count will be duplicated.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Azure Firewall |
| ID | 4644baf7-3464-45dd-bd9d-e07687e25f81 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Exfiltration, CommandAndControl |
| Techniques | T1041, T1071 |
| Required Connectors | AzureFirewall |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
AZFWThreatIntel |
✓ | ✗ | ? |
AzureDiagnostics 🔶 |
? | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊