Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Creates Sentinel incidents for critical/high Theom risks, associated with ruleId TRIS0036 (Theom has observed shadow or clone databases/tables. Additionally, it has observed atypical accesses to these data stores. As per this requirement, use this information to apply data access control lists or access permissions and enforce data retention policies)
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Theom |
| ID | 02bff937-ca52-4f52-a9cd-b826f8602694 |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | Collection, PrivilegeEscalation |
| Techniques | T1560, T1530, T1078 |
| Required Connectors | Theom |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
TheomAlerts_CL 🔶 |
? | ✓ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊