Contrast ADR - Exploited Attack in Production

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Detects successful exploitation of security vulnerabilities in production environments as identified by Contrast ADR. This rule triggers on confirmed exploited attacks in production systems, requiring immediate incident response and remediation.

Attribute	Value
Type	Analytic Rule
Solution	ContrastADR
ID	31417149-f3a2-4db4-9e5f-85e0a464f6a1
Severity	High
Status	Available
Kind	Scheduled
Tactics	InitialAccess, Execution, DefenseEvasion, LateralMovement, CommandAndControl
Techniques	T1190, T1059, T1055, T1210, T1008
Required Connectors	ContrastADRCCF
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
ContrastADRAttackEvents_CL	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to ContrastADR