Cisco_Umbrella_fileevent_CL



Attribute | Value
Custom Log V1 | Yes 🔶 (uses type-suffixed column names)
Ingestion API Supported | ✓ Yes


Schema (23 columns)

Source: KQL validation test schema

Column Name | Type
archive_depth_d | real
archive_file_name_s | string
archive_sha_s | string
aws_region_s | string
direction_s | string
disposition_s | string
dlp_status_s | string
enforced_by_s | string
file_action_s | string
file_name_s | string
file_size_d | real
file_static_analysis_s | string
file_type_id_s | string
firewall_event_id_s | string
ftd_enforcement_id_s | string
ftd_enforcement_name_s | string
organization_id_s | string
retention_policy_s | string
sha256_s | string
threat_name_s | string
threat_score_d | real
TimeGenerated | datetime
Timestamp_t | datetime

Solutions (1)

This table is used by the following solutions:

Solution | Selection Criteria
CiscoUmbrella

Connectors (2)

This table is ingested by the following connectors:

Connector | Selection Criteria
Cisco Cloud Security
Cisco Cloud Security (using elastic premium plan)

Content Items Using This Table (31)

Analytic Rules (20)

GitHub Only:

Analytic Rule | Selection Criteria
Cisco Cloud Security - Connection to Unpopular Website Detected
Cisco Cloud Security - Connection to non-corporate private network
Cisco Cloud Security - Crypto Miner User-Agent Detected
Cisco Cloud Security - Empty User Agent Detected
Cisco Cloud Security - Hack Tool User-Agent Detected
Cisco Cloud Security - Rare User Agent Detected
Cisco Cloud Security - Request Allowed to harmful/malicious URI category
Cisco Cloud Security - Request to blocklisted file type
Cisco Cloud Security - URI contains IP address
Cisco Cloud Security - Windows PowerShell User-Agent Detected
Cisco Umbrella - Connection to Unpopular Website Detected
Cisco Umbrella - Connection to non-corporate private network
Cisco Umbrella - Crypto Miner User-Agent Detected
Cisco Umbrella - Empty User Agent Detected
Cisco Umbrella - Hack Tool User-Agent Detected
Cisco Umbrella - Rare User Agent Detected
Cisco Umbrella - Request Allowed to harmful/malicious URI category
Cisco Umbrella - Request to blocklisted file type
Cisco Umbrella - URI contains IP address
Cisco Umbrella - Windows PowerShell User-Agent Detected

Hunting Queries (10)

In solution CiscoUmbrella:

Hunting Query | Selection Criteria
Cisco Cloud Security - 'Blocked' User-Agents.
Cisco Cloud Security - Anomalous FQDNs for domain
Cisco Cloud Security - DNS Errors.
Cisco Cloud Security - DNS requests to unreliable categories.
Cisco Cloud Security - High values of Uploaded Data
Cisco Cloud Security - Higher values of count of the Same BytesIn size
Cisco Cloud Security - Possible connection to C2.
Cisco Cloud Security - Possible data exfiltration
Cisco Cloud Security - Proxy 'Allowed' to unreliable categories.
Cisco Cloud Security - Requests to uncategorized resources

Workbooks (1)

In solution CiscoUmbrella:

Workbook | Selection Criteria
CiscoUmbrella

Parsers Using This Table (1)

Other Parsers (1)

Parser | Solution | Selection Criteria
Cisco_Umbrella | CiscoUmbrella
