CTERA for Microsoft Sentinel

Solution: CTERA



| Attribute | Value |
|---|---|
| Publisher | CTERA |
| Support Tier | Partner |
| Support Link | https://www.ctera.com/ |
| Categories | domains |
| Version | 3.0.1 |
| Author | CTERA Networks - support@ctera.com |
| First Published | 2024-07-28 |
| Last Updated | 2025-12-14 |
| Solution Folder | CTERA |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%) |

The CTERA solution lets you ingest events from CTERA Edge Filers and Portal into Microsoft Sentinel and analyze them there. It detects ransomware incidents and potentially attacking users, abnormal user and excessive deletions.


Contents

Data Connectors

This solution provides 1 data connector(s):

Tables Used

This solution uses 1 table(s):

| Table | Used By Connectors | Used By Content |
|---|---|---|
| Syslog | CTERA Syslog | Analytics, Hunting, Workbooks |

Content Items

This solution includes 10 content item(s):

| Content Type | Count |
|---|---|
| Analytic Rules | 6 |
| Hunting Queries | 3 |
| Workbooks | 1 |

Analytic Rules

| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Antivirus Detected an Infected File | High | Impact | Syslog |
| CTERA Mass Access Denied Detection Analytic | High | DefenseEvasion | Syslog |
| CTERA Mass Deletions Detection Analytic | High | Impact | Syslog |
| CTERA Mass Permissions Changes Detection Analytic | High | PrivilegeEscalation | Syslog |
| Ransom Protect Detected a Ransomware Attack | High | Impact | Syslog |
| Ransom Protect User Blocked | High | Impact | Syslog |

Hunting Queries

| Name | Tactics | Tables Used |
|---|---|---|
| CTERA Batch Access Denied Detection | DefenseEvasion | Syslog |
| CTERA Batch File Deletions Detection | Impact | Syslog |
| CTERA Permission Change Detection | PrivilegeEscalation | Syslog |

Workbooks

| Name | Tables Used |
|---|---|
| CTERA_Workbook | Syslog |

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.1 | 05-12-2024 | Update on existing Hunting Queries and new Analytic Rules |
| 3.0.0 | 21-10-2024 | Initial Solution Release |
