Analytic Rules - E

41 analytic rules starting with 'E'.


Source: 📦 Solution | 📄 Standalone | 🔗 GitHub Only

| Name | Severity | Source |
|---|---|---|
| EatonForeseer - Unauthorized Logins | High | 📦 EatonForeseer |
| EC2 Startup Shell Script Changed | Medium | 📦 Amazon Web Services |
| ECR image scan findings high or critical | High | 📦 Amazon Web Services |
| Egress Defend - Dangerous Attachment Detected | Medium | 📦 Egress Defend |
| Egress Defend - Dangerous Link Click | Medium | 📦 Egress Defend |
| Elevation of Privilege attempt detected | High | 📦 Azure Firewall |
| Email access via active sync | Medium | 📄 Standalone Content |
| Employee account deleted | Medium | 📦 Lastpass Enterprise Activity Monitoring |
| Empty group with entitlements | Informational | 📦 Authomize |
| Encryption Password Added | Informational | 📦 Veeam |
| Encryption Password Changed | High | 📦 Veeam |
| Encryption Password Deleted | High | 📦 Veeam |
| End-user consent stopped due to risk-based consent | Medium | 📄 Standalone Content |
| Europium - Hash and IP IOCs - September 2022 | High | 📄 Standalone Content |
| Excessive Amount of Denied Connections from a Single Source | Medium | 📦 Sophos XG Firewall |
| Excessive Blocked Traffic Events Generated by User | Medium | 📦 Symantec Endpoint Protection |
| Excessive Denied Proxy Traffic | Low | 📦 SymantecProxySG |
| Excessive Failed Authentication from Invalid Inputs | Medium | 📦 Symantec VIP |
| Excessive Login Attempts (Microsoft Defender for IoT) | High | 📦 IoTOTThreatMonitoringwithDefenderforIoT |
| Excessive number of failed connections from a single source (ASIM Network Session schema) | Medium | 📦 Network Session Essentials |
| Excessive number of HTTP authentication failures from a source (ASIM Web Session schema) | Low | 📄 Standalone Content |
| Excessive NXDOMAIN DNS Queries | Medium | 📦 Infoblox NIOS |
| Excessive NXDOMAIN DNS Queries (ASIM DNS Schema) | Medium | 📄 Standalone Content |
| Excessive share permissions | Medium | 📦 FalconFriday |
| Excessive Windows Logon Failures | Low | 📦 Windows Security Events |
| Exchange AuditLog Disabled | Medium | 📦 Microsoft 365 |
| Exchange OAB Virtual Directory Attribute Containing Potential Webshell | High | 📦 Windows Security Events |
| Exchange Server Suspicious File Downloads. | Medium | 📄 Standalone Content |
| Exchange SSRF Autodiscover ProxyShell - Detection | High | 📄 Standalone Content |
| Exchange Worker Process Making Remote Call | Medium | 📄 Standalone Content |
| Exchange workflow MailItemsAccessed operation anomaly | Medium | 📦 Microsoft 365 |
| Execution attempts stateful anomaly on database | Medium | 📦 Azure SQL Database solution for sentinel |
| Execution of software vulnerable to webp buffer overflow of CVE-2023-4863 | Informational | 📦 Microsoft Defender XDR |
| Expired access credentials being used in Azure | Medium | 📦 FalconFriday |
| External Fabric Module XFM1 is unhealthy | High | 📦 Pure Storage |
| External guest invitation followed by Microsoft Entra ID PowerShell signin | Medium | 📦 Microsoft Entra ID |
| External Repository Deleted | High | 📦 Veeam |
| External Repository Settings Updated | Informational | 📦 Veeam |
| External Upstream Source Added to Azure DevOps Feed | Medium | 📦 AzureDevOpsAuditing |
| External User Access Enabled | Low | 📄 Standalone Content |
| External user added and removed in short timeframe | Low | 📦 Microsoft 365 |
