| Attribute | Value |
|---|---|
| Type | Workbook |
| Solution | MaturityModelForEventLogManagementM2131 |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| AADManagedIdentitySignInLogs | | ✓ | ✗ | ? |
| AADServicePrincipalSignInLogs | | ✓ | ✗ | ? |
| AWSCloudTrail | | ✓ | ✓ | ? |
| AWSGuardDuty | | ✓ | ✓ | ? |
| AWSVPCFlow | | ✓ | ✓ | ? |
| AlertEvidence | | ✓ | ✗ | ? |
| AuditLogs | `OperationName in "Add member to role,Add user,ApplicationGatewayFirewall,AzureFirewallIDSLog,Reset user password,Update user"`; `OperationName !contains "external"`; `OperationName !contains "invite"`; `OperationName !contains "licnense"`; `OperationName contains "group"`; `OperationName contains "member"`; `OperationName contains "principal"`; `OperationName contains "role"`; `OperationName contains "user"` | ✓ | ✗ | ? |
| AzureActivity | | ? | ✗ | ? |
| AzureDiagnostics 🔶 | `Category in "AzureFirewallApplicationRule,AzureFirewallNetworkRule,EntitlementManagement,FrontdoorWebApplicationFirewallLog,GatewayDiagnosticLog,GroupManagement,IKEDiagnosticLog,NetworkSecurityGroupEvent,RouteDiagnosticLog,TunnelDiagnosticLog,UserManagement,WebApplicationFirewallLogs,kube-audit"`; `Category contains "SQL"`; `Resource == "SOC-NS-AG-WAFV2"`; `ResourceProvider in "MICROSOFT.CONTAINERSERVICE,MICROSOFT.KEYVAULT"`; `ResourceType in "APPLICATIONGATEWAYS,AZUREFIREWALLS,CDNWEBAPPLICATIONFIREWALLPOLICIES,FRONTDOORS,PROFILES,PUBLICIPADDRESSES,SERVERS/DATABASES"` | ? | ✗ | ? |
| BehaviorAnalytics | | ✓ | ✗ | ? |
| CarbonBlack_Alerts_CL | | ? | ✓ | ? |
| CloudAppEvents | | ✓ | ✗ | ? |
| CommonSecurityLog | | ✓ | ✓ | ? |
| ConfigurationChange | | ✓ | ✗ | ? |
| ConfigurationData | | ✓ | ✗ | ? |
| DeviceNetworkEvents | | ✓ | ✗ | ? |
| DeviceNetworkInfo | | ✓ | ✗ | ? |
| DeviceProcessEvents | `ActionType in "Add member to role,Add user,InteractiveLogon,RemoteInteractiveLogon,Reset user password,ResourceAccess,Sign-in,Update user"` | ✓ | ✗ | ? |
| DnsEvents | | ✓ | ✗ | ? |
| Dynamics365Activity | | ✓ | ✗ | ? |
| EmailAttachmentInfo | | ✓ | ✗ | ? |
| EmailEvents | | ✓ | ✗ | ? |
| EmailUrlInfo | | ✓ | ✗ | ? |
| GCP_IAM_CL 🔶 | | ? | ✓ | ? |
| Heartbeat | | ? | ✗ | ? |
| IdentityInfo | | ✓ | ✗ | ? |
| InformationProtectionLogs_CL 🔶 | | ? | ✓ | ? |
| InsightsMetrics | | ✓ | ✗ | ? |
| IntuneAuditLogs | | ✓ | ✗ | ? |
| IntuneDevices | | ✓ | ✗ | ? |
| IntuneOperationalLogs | | ✓ | ✗ | ? |
| KubeEvents_CL | | ? | ✓ | ? |
| OfficeActivity | `OfficeWorkload == "Exchange"`; `RecordType == "ExchangeAdmin"` | ✓ | ✗ | ? |
| Operation | | ? | ✗ | ? |
| QualysHostDetectionV3_CL | | ? | ✓ | ? |
| SecurityAlert | | ✓ | ✗ | ? |
| SecurityEvent | | ✓ | ✓ | ? |
| SecurityIncident | | ✓ | ✗ | ? |
| SecurityRecommendation | | ✓ | ✗ | ? |
| SecurityRegulatoryCompliance | | ✓ | ✗ | ? |
| SigninLogs | | ✓ | ✗ | ? |
| StorageBlobLogs | | ✓ | ✗ | ? |
| StorageFileLogs | | ✓ | ✗ | ? |
| Syslog | `SyslogMessage contains "runas"`; `SyslogMessage contains "sudo"`; `ProcessName has_any "hostd-probe,vmkwarning,vpxd-main"` | ✓ | ✓ | ? |
| ThreatIntelligenceIndicator | | ✓ | ✓ | ? |
| Update | | ✓ | ✗ | ? |
| Usage | | ? | ✗ | ? |
| VMComputer | | ? | ✗ | ? |
| VMProcess | | ? | ✗ | ? |
| WindowsFirewall | | ✓ | ✗ | ? |