Analytic Rules - B

158 analytic rules starting with 'B'.

Source: 📦 Solution | 📄 Standalone | 🔗 GitHub Only

Name Severity Source
Backup Proxy Deleted Informational 📦 Veeam
Backup Repository Deleted High 📦 Veeam
Backup Repository Settings Updated Low 📦 Veeam
Base64 encoded Windows process command-lines Medium 📦 Endpoint Threat Protection Essentials
Base64 encoded Windows process command-lines (Normalized Process Events) Medium 📄 Standalone Content
Beacon Traffic Based on Common User Agents Visiting Limited Number of Domains Medium 📦 FalconFriday
Best Practice Compliance Check Not Passed Medium 📦 Veeam
Bitglass - Impossible travel distance Medium 📦 Bitglass
Bitglass - Login from new device Medium 📦 Bitglass
Bitglass - Multiple failed logins High 📦 Bitglass
Bitglass - Multiple files shared with external entity Medium 📦 Bitglass
Bitglass - New admin user Medium 📦 Bitglass
Bitglass - New risky user High 📦 Bitglass
Bitglass - Suspicious file uploads High 📦 Bitglass
Bitglass - The SmartEdge endpoint agent was uninstalled Medium 📦 Bitglass
Bitglass - User Agent string has changed for user Medium 📦 Bitglass
Bitglass - User login from new geo location Medium 📦 Bitglass
Bitsadmin Activity Medium 📦 Microsoft Defender XDR
BitSight - compromised systems detected Medium 📦 BitSight
BitSight - diligence risk category detected Medium 📦 BitSight
BitSight - drop in company ratings High 📦 BitSight
BitSight - drop in the headline rating High 📦 BitSight
BitSight - new alert found High 📦 BitSight
BitSight - new breach found Medium 📦 BitSight
blacklens Insights High 📦 Blacklens
BloodHound Attack Path Finding - Add Key Credential Link Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Add Member Privileges on Tier Zero Security Groups Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Add Members to Tier Zero Group Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Add Owner to Tier Zero Object via MS Graph App Role Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Add Resource-Based Constrained Delegation Privileges on Tier Zero Computers Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Add Secret to Tier Zero Principal Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - AddOwner Role on Tier Zero Resource Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - AddSelf Privilege on Tier Zero Security Groups Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Admins on Tier Zero Computers Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - AKS Contributor Role on Tier Zero Managed Cluster Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - AllExtended Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - App Admin Control of Tier Zero Principal Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - AS-REP Roastable User Accounts Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Avere Contributor Role on Tier Zero Virtual Machine Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Cloud App Admin Over Tier Zero Principal Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Command Execution on Tier Zero Virtual Machine Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Computers Vulnerable to Coercion-Based NTLM Relay to SMB Attack Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Constrained Delegation on Tier Zero Computers Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Contributor Role on Tier Zero Automation Account Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Contributor Role on Tier Zero Resource Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - DCOM Users on Tier Zero Computers Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - ForceChangePassword Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - GenericAll Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - GenericWrite Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Get Certifcates on Tier Zero Key Vault Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Get Keys on Tier Zero Key Vault Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Get Secrets on Tier Zero Key Vault Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Kerberoastable User Accounts Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Kerberos Delegation on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Key Vault Contributor Role on Tier Zero Resource Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Group With SyncLapsPassword Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups in DCOM Users Groups Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups in Local Administrator Groups Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups in PS Remote Users Groups Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups in SQL Admins Groups Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With Add Key Credential Link Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With Add Member Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With Add Self Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With All Extended Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With ForceChangePassword Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With GenericAll Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With GenericWrite Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With Limited Ownership Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With Ownership Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With RDP Access Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With Read GMSA Password Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With Read LAPS Password Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With Resource-Based Constrained Delegation Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With WriteAccountRestrictions Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With WriteDacl Privilege Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With WriteGpLink Privilege Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With WriteOwner Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With WriteOwnerLimitedRights Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Large Default Groups With WriteServicePrincipalName Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Legacy SID History on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Limited Ownership Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Logic App Contributor Role on Tier Zero Logic App Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Logons From Tier Zero Users Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non Tier Zero Principals With ADCS ESC1 Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non Tier Zero Principals With ADCS ESC10 Scenario A Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non Tier Zero Principals With ADCS ESC13 Privileges Against Tier Zero Group Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non Tier Zero Resource Assigned to Tier Zero Service Principal Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non-Tier Zero AD User Synced to Tier Zero Entra User Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non-Tier Zero Computer Hosting EnterpriseCA Trusted for NT Authentication Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non-Tier Zero Entra User Synced to Tier Zero AD User Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non-Tier Zero Principal Can Grant Tier Zero App Roles Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non-Tier Zero Principal Can Grant Tier Zero Entra ID Role Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non-Tier Zero Principal Trusted for Unconstrained Delegation Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non-Tier Zero Principals With ADCS ESC10 Scenario B Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non-Tier Zero Principals With ADCS ESC3 Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non-Tier Zero Principals With ADCS ESC4 Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non-Tier Zero Principals With ADCS ESC6 Scenario A Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non-Tier Zero Principals With ADCS ESC6 Scenario B Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non-Tier Zero Principals With ADCS ESC9 Scenario A Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non-Tier Zero Principals With ADCS ESC9 Scenario B Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Non-Tier Zero Principals With DCSync Privileges Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Owner Role on Tier Zero Resource Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Ownership of Tier Zero Principal Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Ownership Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - PS Remote Users on Tier Zero Computers Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - RDP Users on Tier Zero Computers Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Read GMSA Password Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - ReadLapsPassword Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Reset a Tier Zero User's Password Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - SQL Admin Users on Tier Zero Computers Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - SyncLapsPassword Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Tier Zero Computer Vulnerable to Coercion-Based NTLM Relay to ADCS (ESC8) Attack Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Tier Zero Computer Vulnerable to Coercion-Based NTLM Relay to LDAP Attack Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Tier Zero Computer Vulnerable to Coercion-Based NTLM Relay to LDAPS Attack Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Tier Zero Group Control via MS Graph App Role Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Tier Zero Service Principal Control via MS Graph App Role Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Tier Zero SMSA Installed on Non-Tier Zero Computer Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - User Access Admin Role on Tier Zero Resource Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - VM Admin Login Role on Tier Zero System Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - VM Contributor Role on Tier Zero System Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Website Contributor Role on Tier Zero Resource Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - Write Account Restrictions Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - WriteDacl Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - WriteGpLink Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - WriteOwner Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - WriteOwnerLimitedRights Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
BloodHound Attack Path Finding - WriteServicePrincipalName Privileges on Tier Zero Objects Medium 📦 BloodHound Enterprise
Box - Abmormal user activity Medium 📦 Box
Box - Executable file in folder Medium 📦 Box
Box - File containing sensitive data Medium 📦 Box
Box - Forbidden file type downloaded Medium 📦 Box
Box - Inactive user login Medium 📦 Box
Box - Item shared to external entity Medium 📦 Box
Box - Many items deleted by user Medium 📦 Box
Box - New external user Medium 📦 Box
Box - User logged in as admin Medium 📦 Box
Box - User role changed to owner Medium 📦 Box
Brute force attack against a Cloud PC Medium 📦 Microsoft Entra ID
Brute force attack against Azure Portal Medium 📦 Microsoft Entra ID
Brute Force Attack against GitHub Account Medium 📦 Microsoft Entra ID
Brute force attack against user credentials Medium 📦 Salesforce Service Cloud
Brute force attack against user credentials (Uses Authentication Normalization) Medium 📄 Standalone Content
BTP - Audit log service unavailable High 📦 SAP BTP
BTP - Build Work Zone unauthorized access and role tampering High 📦 SAP BTP
BTP - Cloud Identity Service application configuration monitor Medium 📦 SAP BTP
BTP - Cloud Integration access policy tampering High 📦 SAP BTP
BTP - Cloud Integration artifact deployment High 📦 SAP BTP
BTP - Cloud Integration JDBC data source changes High 📦 SAP BTP
BTP - Cloud Integration package import or transport Medium 📦 SAP BTP
BTP - Cloud Integration tampering with security material Medium 📦 SAP BTP
BTP - Failed access attempts across multiple BAS subaccounts Medium 📦 SAP BTP
BTP - Malware detected in BAS dev space Medium 📦 SAP BTP
BTP - Mass user deletion in a sub account Medium 📦 SAP BTP
BTP - Mass user deletion in SAP Cloud Identity Service Medium 📦 SAP BTP
BTP - Trust and authorization Identity Provider monitor Medium 📦 SAP BTP
BTP - User added to Cloud Identity Service privileged Administrators list High 📦 SAP BTP
BTP - User added to sensitive privileged role collection Low 📦 SAP BTP
Bulk Changes to Privileged Account Permissions High 📦 Microsoft Entra ID
