SOCRadar Alarm Volume Spike



Detects unusual spikes in SOCRadar alarm volume that may indicate an active campaign, coordinated attack, or data breach. Triggers when alarm count in the last hour exceeds the 7-day hourly average by more than 3x.

| Attribute | Value |
| --- | --- |
| Type | Analytic Rule |
| Solution | SOCRadar |
| ID | 4a7b3c9e-2d15-4e8f-b6a3-9c2e7d5a1b4f |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Impact, Exfiltration |
| Techniques | T1485, T1567 |
| Source | View on GitHub |

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
SOCRadar_Alarms_CL ? ?
