| Attribute | Value |
|---|---|
| Type | Workbook |
| Solution | SOX IT Compliance |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| AuditLogs | | ✓ | ✗ | ? |
| AzureActivity | | ? | ✗ | ? |
| CommonSecurityLog | DeviceVendor has_any "CrowdStrike,Microsoft,Qualys,Tripwire" | ✓ | ✓ | ? |
| ConfigurationChange | | ✓ | ✗ | ? |
| Heartbeat | | ? | ✗ | ? |
| IdentityDirectoryEvents | ActionType in "DirectoryRoleMembershipChanged,GroupMembershipChanged,PrivilegeEscalation,SensitiveAccountChanged,UserAccountControlChanged" | ✓ | ✗ | ? |
| OfficeActivity | OperationName has_any "Add directory role member,Add member to role,Add user,Create user,Role assignment,Update user"<br>OperationName has_any "directory write,policy update,role assignment,role update" | ✓ | ✗ | ? |
| Operation | | ? | ✗ | ? |
| SecurityEvent | EventID in "1100,1102,1104,1240,1241,1242,4656,4657,4660,4663,4670,4688,4719,4720,4726,4732,4739,4754,4907" | ✓ | ✓ | ? |
| SigninLogs | | ✓ | ✗ | ? |
| Syslog | SyslogMessage has_any "ALTER TABLE,CREATE TABLE,DROP TABLE,database modified,schema change"<br>SyslogMessage has_any "auditd stopped,logging stopped,rsyslog stopped,syslog stopped"<br>SyslogMessage has_any "change,config,edit,modified,updated"<br>SyslogMessage has_any "change,config,modified,registry,updated"<br>SyslogMessage has_any "checksum mismatch,file deleted,file modified,file tamper" | ✓ | ✓ | ? |