Intent:

- Use MTP capability to look for insider threat potential risk indicators
- Indicators would then serve as the building block for insider threat risk modeling in subsequent tools

Definition of Insider Threat: "The potential for an individual who has or had authorized access to an organization's assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization."

This collection of queries describes the different indicators tha

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 1b6d19d5-c1f9-43b0-8db6-1c44c3c965b3 |
| Tactics | Initial access, Persistence, Exfiltration |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |

This content item queries data from the following tables:

| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| DeviceEvents | ActionType startswith "ScreenshotTaken" | ✓ | ✗ | ? |