Identifies changes in the protocol used for specific destination ports, comparing the current runtime with a learned baseline. This can indicate potential protocol misuse or configuration changes.

Configurable Parameters:

- Learning period: The time range to establish the baseline. Default is set to 7 days.
- Run time: The time range for current analysis. Default is set to 1 day.

| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Global Secure Access |
| ID | f6a8d6a5-3e9f-47c8-a8d5-1b2b9d3b7d6a |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | DefenseEvasion, Exfiltration, CommandAndControl |
| Techniques | T1571 |
| Required Connectors | AzureActiveDirectory |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| NetworkAccessTraffic | ✓ | ✗ | ? |