| F&O - Bank account change following network alias reassignment |
Low |
📦 Microsoft Business Applications |
| F&O - Mass update or deletion of user records |
Medium |
📦 Microsoft Business Applications |
| F&O - Non-interactive account mapped to self or sensitive privileged user |
Medium |
📦 Microsoft Business Applications |
| F&O - Reverted bank account number modifications |
Low |
📦 Microsoft Business Applications |
| F&O - Unusual sign-in activity using single factor authentication |
Low |
📦 Microsoft Business Applications |
| Failed AWS Console logons but success logon to AzureAD |
Medium |
📄 Standalone Content |
| Failed AzureAD logons but success logon to AWS Console |
Medium |
📄 Standalone Content |
| Failed AzureAD logons but success logon to host |
Medium |
📄 Standalone Content |
| Failed host logons but success logon to AzureAD |
Medium |
📄 Standalone Content |
| Failed login attempts to Azure Portal |
Low |
📦 Microsoft Entra ID |
| Failed Logins from Unknown or Invalid User |
Medium |
📦 Okta Single Sign-On |
| Failed logon attempts by valid accounts within 10 mins |
Low |
📄 Standalone Content |
| Failed logon attempts in authpriv |
Medium |
📦 Syslog |
| Failed sign-ins into LastPass due to MFA |
Low |
📦 Lastpass Enterprise Activity Monitoring |
| Failover Plan Deleted |
Low |
📦 Veeam |
| Failover Plan Failed |
Low |
📦 Veeam |
| Failover Plan Settings Updated |
Informational |
📦 Veeam |
| Failover Plan Started |
High |
📦 Veeam |
| Failover Plan Stopped |
Medium |
📦 Veeam |
| Fake computer account created |
Medium |
📄 Standalone Content |
| Field Effect MDR Alert: ARO Alert |
Medium |
📦 FieldEffectMDR |
| File Server Deleted |
High |
📦 Veeam |
| File Server Settings Updated |
Informational |
📦 Veeam |
| File Share Deleted |
High |
📦 Veeam |
| Files Copied to USB Drives |
High |
📦 Microsoft Defender XDR |
| Filewall - Blocked emails |
High |
📦 Filewall for Microsoft 365 |
| Filewall - Blocked files |
High |
📦 Filewall for Microsoft 365 |
| Firewall errors stateful anomaly on database |
Medium |
📦 Azure SQL Database solution for sentinel |
| Firewall rule manipulation attempts stateful anomaly on database |
Medium |
📦 Azure SQL Database solution for sentinel |
| Firmware Updates (Microsoft Defender for IoT) |
Medium |
📦 IoTOTThreatMonitoringwithDefenderforIoT |
| First access credential added to Application or Service Principal where no credential was present |
High |
📦 Microsoft Entra ID |
| Flare chat results |
Medium |
📦 Flare |
| Flare cloud bucket results |
Medium |
📦 Flare |
| Flare google dork results |
Medium |
📦 Flare |
| Flare host results |
Medium |
📦 Flare |
| Flare infected device results |
Medium |
📦 Flare |
| Flare leaked credentials results |
Medium |
📦 Flare |
| Flare lookalike domain results |
Medium |
📦 Flare |
| Flare marketplace results |
Medium |
📦 Flare |
| Flare paste results |
Medium |
📦 Flare |
| Flare source code results |
Medium |
📦 Flare |
| Flow Logs Alerts for Prancer |
High |
📦 Prancer PensuiteAI Integration |
| Forescout-DNS_Sniff_Event_Monitor |
Medium |
📦 ForescoutHostPropertyMonitor |
| Fortinet - Beacon pattern detected |
Low |
📄 Standalone Content |
| Fortiweb - WAF Allowed threat |
High |
📦 Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel |
| Four-Eyes Authorization Disabled |
High |
📦 Veeam |
| Four-Eyes Authorization Request Created |
High |
📦 Veeam |
| Four-Eyes Authorization Request Expired |
Medium |
📦 Veeam |
| Four-Eyes Authorization Request Rejected |
Informational |
📦 Veeam |
| Front Door Premium WAF - SQLi Detection |
High |
📦 Azure Web Application Firewall (WAF) |
| Front Door Premium WAF - XSS Detection |
High |
📦 Azure Web Application Firewall (WAF) |
| full_access_as_app Granted To Application |
Medium |
📦 Microsoft Entra ID |