Samsung Knox Asset Intelligence for Microsoft Sentinel
Solution: Samsung Knox Asset Intelligence
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | Samsung Electronics Co., Ltd. |
| Support Tier | Partner |
| Support Link | https://www2.samsungknox.com/en/support |
| Categories | domains |
| Version | 3.0.3 |
| Author | Samsung - kai.sme@samsung.com |
| First Published | 2025-01-15 |
| Solution Folder | Samsung Knox Asset Intelligence |
| Marketplace | Azure Marketplace · Rating: ★★★★★ 5.0/5 (2 ratings) · Popularity: 🔵 Medium (79%) |
The Knox Asset Intelligence for Microsoft Sentinel solution enables enterprise IT and SecOps (Security Operations) administrators to view and manage security threats to their Samsung Knox mobile devices. By integrating security events and logs from Knox Asset Intelligence with the Azure Monitor Log Ingestion API, the solution lets enterprise organizations easily view, identify and investigate security threats in near-real-time with Microsoft Sentinel.
Contents
Data Connectors
This solution provides 1 data connector(s):
Tables Used
This solution uses 6 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
Samsung_Knox_Application_CL |
Samsung Knox Asset Intelligence | Workbooks |
Samsung_Knox_Audit_CL |
Samsung Knox Asset Intelligence | Analytics, Workbooks |
Samsung_Knox_Network_CL |
Samsung Knox Asset Intelligence | Workbooks |
Samsung_Knox_Process_CL |
Samsung Knox Asset Intelligence | Analytics, Workbooks |
Samsung_Knox_System_CL |
Samsung Knox Asset Intelligence | Analytics, Workbooks |
Samsung_Knox_User_CL |
Samsung Knox Asset Intelligence | Analytics, Workbooks |
Content Items
This solution includes 8 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 7 |
| Workbooks | 1 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Samsung Knox - Application Privilege Escalation or Change Events | High | PrivilegeEscalation | Samsung_Knox_Process_CL |
| Samsung Knox - Mobile Device Boot Compromise Events | High | Persistence | Samsung_Knox_System_CL |
| Samsung Knox - Password Lockout Events | High | CredentialAccess | Samsung_Knox_User_CL |
| Samsung Knox - Peripheral Access Detection with Camera Events | High | - | Samsung_Knox_System_CL |
| Samsung Knox - Peripheral Access Detection with Mic Events | High | - | Samsung_Knox_System_CL |
| Samsung Knox - Security Log Full Events | High | - | Samsung_Knox_Audit_CL |
| Samsung Knox - Suspicious URL Accessed Events | High | InitialAccess | Samsung_Knox_User_CL |
Workbooks
| Name | Tables Used |
|---|---|
| SamsungKnoxAssetIntelligence | Samsung_Knox_Application_CLSamsung_Knox_Audit_CLSamsung_Knox_Network_CLSamsung_Knox_Process_CLSamsung_Knox_System_CLSamsung_Knox_User_CL |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.2 | 25-07-2025 | Updated Data Connector to support new Columns. |
| 3.0.1 | 28-01-2025 | Enhance DCR instruction steps in Data Connector & Update Analytics rules name. |
| 3.0.1 | 22-04-2025 | Initial Solution public Release. |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊