⚠️ Unpublished: This item is from a solution that is not yet published on Azure Marketplace or not installed in Content Hub.
| Attribute | Value |
|---|---|
| Publisher | Alsid |
| Support Tier | Partner |
| Support Link | https://www.alsid.com/contact-us/ |
| Categories | domains |
| Version | 2.0.0 |
| Author | Alsid |
| First Published | 2022-05-06 |
| Solution Folder | Alsid For AD |
The Alsid for Active Directory connector exports Alsid Indicators of Exposures, trailflow and Indicators of Attacks logs to Microsoft Sentinel in real time.
This solution provides 1 data connector(s):
This solution uses 3 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| AlsidForADLog_CL | Alsid for Active Directory | - |
| Tenable_IE_CL | Alsid for Active Directory | Analytics, Workbooks |
| Tenable_ad_CL | Alsid for Active Directory | Analytics, Workbooks |
This solution includes 15 content item(s) (14 in solution, 1 discovered 🔍):
| Content Type | Total | In Solution | Discovered |
|---|---|---|---|
| Analytic Rules | 12 | 12 | - |
| Workbooks | 2 | 2 | - |
| Parsers | 1 | 0 | 1 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Alsid Active Directory attacks pathways | Low | CredentialAccess | Tenable_IE_CL, Tenable_ad_CL |
| Alsid DCShadow | High | DefenseEvasion | Tenable_IE_CL, Tenable_ad_CL |
| Alsid DCSync | High | CredentialAccess | Tenable_IE_CL, Tenable_ad_CL |
| Alsid Golden Ticket | High | CredentialAccess | Tenable_IE_CL, Tenable_ad_CL |
| Alsid Indicators of Attack | Low | CredentialAccess | Tenable_IE_CL, Tenable_ad_CL |
| Alsid Indicators of Exposures | Low | CredentialAccess | Tenable_IE_CL, Tenable_ad_CL |
| Alsid LSASS Memory | High | CredentialAccess | Tenable_IE_CL, Tenable_ad_CL |
| Alsid Password Guessing | High | CredentialAccess | Tenable_IE_CL, Tenable_ad_CL |
| Alsid Password Spraying | High | CredentialAccess | Tenable_IE_CL, Tenable_ad_CL |
| Alsid Password issues | Low | CredentialAccess | Tenable_IE_CL, Tenable_ad_CL |
| Alsid privileged accounts issues | Low | CredentialAccess | Tenable_IE_CL, Tenable_ad_CL |
| Alsid user accounts issues | Low | CredentialAccess | Tenable_IE_CL, Tenable_ad_CL |
| Name | Tables Used |
|---|---|
| AlsidIoA | Tenable_IE_CL, Tenable_ad_CL |
| AlsidIoE | Tenable_IE_CL, Tenable_ad_CL |
| Name | Description | Tables Used |
|---|---|---|
| afad_parser ⚠️ | - | AlsidForADLog_CL (read) |
⚠️ Items marked with ⚠️ are not listed in the Solution JSON file. They were discovered by scanning the solution folder and may be legacy items, under development, or excluded from the official solution package.