This alert joins SecurityAlerts from Microsoft products with SecurityIncidents from Microsoft Sentinel and Microsoft Defender XDR. The join makes it possible to identify patterns in the user principal names associated with the respective security alerts. A machine learning function (Basket) is leveraged with a 0.001 threshold. Basket finds all frequent patterns of discrete attributes (dimensions) in the data and returns the frequent patterns that pass the frequency threshold. This query evaluates UserPrincipalNam
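The following KQL is an added illustration of the approach the description outlines, not the rule's shipped query (that is linked under Source below). It correlates SecurityIncident with SecurityAlert through the incident's AlertIds, derives a user principal name from the alert's account entities, and runs the `basket` plugin at the 0.001 threshold. The 14-day lookback, the choice of dimensions, and the account-entity field handling (Name plus UPNSuffix) are assumptions made for this example; adjust them to the schema of the alerts in your workspace.

```kql
// Added example, not the solution's own detection query.
// Assumptions: 14d lookback; account entities expose Name and UPNSuffix;
// SecurityIncident.AlertIds holds the SystemAlertId values of its alerts.
let lookback = 14d;
let IncidentAlerts =
    SecurityIncident
    | where TimeGenerated > ago(lookback)
    // an incident is updated many times; keep only its latest state
    | summarize arg_max(TimeGenerated, *) by IncidentNumber
    | mv-expand AlertId = AlertIds to typeof(string)
    | project IncidentNumber, IncidentTitle = Title, IncidentSeverity = Severity, AlertId;
SecurityAlert
| where TimeGenerated > ago(lookback)
// one row per entity attached to the alert
| extend EntityList = todynamic(Entities)
| mv-expand Entity = EntityList
| where tostring(Entity.Type) == "account"
| where isnotempty(Entity.Name) and isnotempty(Entity.UPNSuffix)
| extend UserPrincipalName = tolower(strcat(tostring(Entity.Name), "@", tostring(Entity.UPNSuffix)))
| project SystemAlertId, ProviderName, ProductName, AlertName, AlertSeverity, Tactics, UserPrincipalName
// correlate alerts with the incidents they were grouped into
| join kind=inner IncidentAlerts on $left.SystemAlertId == $right.AlertId
| project-away AlertId, SystemAlertId
// frequent co-occurrence patterns across the remaining columns;
// 0.001 means a pattern must cover at least 0.1 % of the joined rows
| evaluate basket(0.001)
// basket leaves a dimension empty when it is a wildcard in the pattern,
// so this keeps only patterns anchored on a concrete user principal name
| where isnotempty(UserPrincipalName)
| sort by Count desc
```

The `basket` output adds `SegmentId`, `Count` and `Percent` columns alongside the input dimensions; reviewing the top segments shows which combinations of provider, alert name, severity and incident recur for the same principal. Lower the threshold to surface rarer combinations at the cost of more noise, and add `IncidentNumber` back into the dimensions only if you want per-incident rather than cross-incident patterns.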
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | MicrosoftPurviewInsiderRiskManagement |
| ID | a4fb4255-f55b-4c24-b396-976ee075d406 |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | Execution |
| Techniques | T1204 |
| Required Connectors | MicrosoftDefenderAdvancedThreatProtection, AzureActiveDirectoryIdentityProtection, AzureSecurityCenter, IoT, MicrosoftCloudAppSecurity, IoT, OfficeATP |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| SecurityAlert | ✓ | ✗ | ? |
| SecurityIncident | ✓ | ✗ | ? |