Zero Networks Segment - Excessive access to a built-in group by user

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

A rule was created which granted a user access to a large, built-in, group of assets.

Attribute	Value
Type	Hunting Query
Solution	ZeroNetworks
ID	0e68d210-a8ec-4e13-9f46-61011c020b87
Severity	Medium
Tactics	LateralMovement
Techniques	T1210, T1570, T0866
Required Connectors	ZeroNetworksSegmentAuditFunction, ZeroNetworksSegmentAuditNativePoller
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
ZNAudit_CL	?	✓	?
ZNSegmentAuditNativePoller_CL	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries · Back to ZeroNetworks