Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Detects Claroty policy violation events from ClarotyEvent when EventOriginalType or EventType contains 'Policy Violation'. Use this rule to identify policy enforcement events that may indicate unauthorized discovery or prohibited network activity. This rule expects ClarotyEvent data to be available in the workspace.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Claroty |
| ID | 3b22ac47-e02c-4599-a37a-57f965de17be |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | Discovery |
| Techniques | T1018, T1135 |
| Required Connectors | CefAma |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
CommonSecurityLog |
DeviceVendor == "Claroty" |
✓ | ✓ | ✓ |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊