Creates Sentinel incidents for critical/high Theom risks associated with ruleId TRIS0034 (Theom has observed shadow (or clone) databases/tables. Additionally, it has observed roles that are overprovisioned for these data stores. As per this requirement, use this information to apply data access control lists or access permissions and to enforce data retention policies).
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Theom |
| ID | fb7769d0-e622-4479-95b4-f6266a5b41e2 |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | Collection, PrivilegeEscalation |
| Techniques | T1560, T1530, T1078 |
| Required Connectors | Theom |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| TheomAlerts_CL 🔶 | ? | ✓ | ? |