| Rule name | Severity | Source |
| --- | --- | --- |
| IaaS admin detected | Medium | 📦 Authomize |
| IaaS policy not attached to any identity | Informational | 📦 Authomize |
| IaaS shadow admin detected | High | 📦 Authomize |
| Identify instances where a single source is observed using multiple user agents (ASIM Web Session) | Medium | 📦 Web Session Essentials |
| Identify Mango Sandstorm powershell commands | High | 📄 Standalone Content |
| Identify SysAid Server web shell creation | High | 📦 Web Shells Threat Protection |
| Illegal Function Codes for ICS traffic (Microsoft Defender for IoT) | Medium | 📦 IoTOTThreatMonitoringwithDefenderforIoT |
| Illumio Enforcement Change Analytic Rule | Medium | 📦 IllumioSaaS |
| Illumio Firewall Tampering Analytic Rule | Medium | 📦 IllumioSaaS |
| Illumio VEN Clone Detection Rule | High | 📦 IllumioSaaS |
| Illumio VEN Deactivated Detection Rule | High | 📦 IllumioSaaS |
| Illumio VEN Offline Detection Rule | High | 📦 IllumioSaaS |
| Illumio VEN Suspend Detection Rule | High | 📦 IllumioSaaS |
| Illusive Incidents Analytic Rule | Medium | 📦 Illusive Platform |
| Imminent Ransomware | High | 📦 Microsoft Defender XDR |
| Imperva - Abnormal protocol usage | Medium | 📦 ImpervaCloudWAF |
| Imperva - Critical severity event not blocked | High | 📦 ImpervaCloudWAF |
| Imperva - Forbidden HTTP request method in request | Medium | 📦 ImpervaCloudWAF |
| Imperva - Malicious Client | High | 📦 ImpervaCloudWAF |
| Imperva - Malicious user agent | High | 📦 ImpervaCloudWAF |
| Imperva - Multiple user agents from same source | Medium | 📦 ImpervaCloudWAF |
| Imperva - Possible command injection | High | 📦 ImpervaCloudWAF |
| Imperva - Request from unexpected countries | High | 📦 ImpervaCloudWAF |
| Imperva - Request from unexpected IP address to admin panel | High | 📦 ImpervaCloudWAF |
| Imperva - Request to unexpected destination port | High | 📦 ImpervaCloudWAF |
| Infoblox - Data Exfiltration Attack | Medium | 📦 Infoblox Cloud Data Connector |
| Infoblox - High Threat Level Query Not Blocked Detected | Medium | 📦 Infoblox Cloud Data Connector |
| Infoblox - Many High Threat Level Queries From Single Host Detected | Medium | 📦 Infoblox Cloud Data Connector |
| Infoblox - Many High Threat Level Single Query Detected | Medium | 📦 Infoblox Cloud Data Connector |
| Infoblox - Many NXDOMAIN DNS Responses Detected | Medium | 📦 Infoblox Cloud Data Connector |
| Infoblox - SOC Insight Detected - API Source | Medium | 📦 Infoblox |
| Infoblox - SOC Insight Detected - API Source | Medium | 📦 Infoblox SOC Insights |
| Infoblox - SOC Insight Detected - CDC Source | Medium | 📦 Infoblox |
| Infoblox - SOC Insight Detected - CDC Source | Medium | 📦 Infoblox SOC Insights |
| Infoblox - TI - CommonSecurityLog Match Found - MalwareC2 | Medium | 📦 Infoblox Cloud Data Connector |
| Infoblox - TI - InfobloxCDC Match Found - Lookalike Domains | Medium | 📦 Infoblox Cloud Data Connector |
| Infoblox - TI - Syslog Match Found - URL | Medium | 📦 Infoblox Cloud Data Connector |
| Ingress Tool Transfer - Certutil | Low | 📦 FalconFriday |
| Insider Risk_High User Security Alert Correlations | Medium | 📦 MicrosoftPurviewInsiderRiskManagement |
| Insider Risk_High User Security Incidents Correlation | High | 📦 MicrosoftPurviewInsiderRiskManagement |
| Insider Risk_Microsoft Purview Insider Risk Management Alert Observed | High | 📦 MicrosoftPurviewInsiderRiskManagement |
| Insider Risk_Risky User Access By Application | Medium | 📦 MicrosoftPurviewInsiderRiskManagement |
| Insider Risk_Sensitive Data Access Outside Organizational Geo-location | High | 📦 MicrosoftPurviewInsiderRiskManagement |
| Internet Access (Microsoft Defender for IoT) | High | 📦 IoTOTThreatMonitoringwithDefenderforIoT |
| Invalid Code for Multi-Factor Authentication Entered | High | 📦 Veeam |
| IP address of Windows host encoded in web request | Medium | 📄 Standalone Content |
| IP with multiple failed Microsoft Entra ID logins successfully logs in to Palo Alto VPN | Medium | 📄 Standalone Content |