Identifies the top source IP addresses with multiple distinct anomaly templates over the past 30 days (excluding single noisy hits), then surfaces their most recent (last 24h) high-fidelity anomalous activities for focused investigation, including scores, tactics, techniques, and behavioral insights.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | UEBA Essentials |
| ID | e1f2a3b4-c5d6-7890-1234-abcdef567890 |
| Required Connectors | BehaviorAnalytics |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| Anomalies | ✓ | ✓ | ? |