Dataverse - Suspicious use of TDS endpoint

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

Identifies Dataverse TDS (Tabular Data Stream) protocol based queries where the source user or IP address has recent security alerts and the TDS protocol has not been used previously in the target environment.

Attribute Value
Type Analytic Rule
Solution Microsoft Business Applications
ID d875af10-6bb9-4d6a-a6e4-78439a98bf4b
Severity Low
Status Available
Kind Scheduled
Tactics Exfiltration, InitialAccess
Techniques T1048, T1190
Required Connectors Dataverse, AzureActiveDirectoryIdentityProtection
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
DataverseActivity ?
SecurityAlert ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Analytic Rules · Back to Microsoft Business Applications