Analytic Rules - R

49 analytic rules starting with 'R'.


Source: 📦 Solution | 📄 Standalone | 🔗 GitHub Only

Name Severity Source
Radiflow - Exploit Detected High 📦 Radiflow
Radiflow - Network Scanning Detected High 📦 Radiflow
Radiflow - New Activity Detected Medium 📦 Radiflow
Radiflow - Platform Alert Medium 📦 Radiflow
Radiflow - Policy Violation Detected Medium 📦 Radiflow
Radiflow - Suspicious Malicious Activity Detected High 📦 Radiflow
Radiflow - Unauthorized Command in Operational Device Medium 📦 Radiflow
Radiflow - Unauthorized Internet Access Medium 📦 Radiflow
Ransom Protect Detected a Ransomware Attack High 📦 CTERA
Ransom Protect User Blocked High 📦 CTERA
Ransomware Attack Detected High 📦 Nasuni
Ransomware Client Blocked High 📦 Nasuni
Rare and potentially high-risk Office operations Low 📦 Microsoft 365
Rare application consent Medium 📦 Microsoft Entra ID
Rare client observed with high reverse DNS lookup count Medium 📦 Windows Server DNS
Rare client observed with high reverse DNS lookup count - Anomaly based (ASIM DNS Solution) Medium 📦 DNS Essentials
Rare client observed with high reverse DNS lookup count - Static threshold based (ASIM DNS Solution) Medium 📦 DNS Essentials
Rare Process as a Service Medium 📦 Microsoft Defender XDR
Rare RDP Connections Medium 📄 Standalone Content
Rare subscription-level operations in Azure Low 📦 Azure Activity
RDP Nesting Medium 📄 Standalone Content
RDS instance publicly exposed Medium 📦 Amazon Web Services
Recorded Future Identity - Credential Exposure Detected High 📦 Recorded Future Identity
RecordedFuture Threat Hunting Domain All Actors Medium 📦 Recorded Future
RecordedFuture Threat Hunting Hash All Actors Medium 📦 Recorded Future
RecordedFuture Threat Hunting IP All Actors Medium 📦 Recorded Future
RecordedFuture Threat Hunting Url All Actors Medium 📦 Recorded Future
Recovery Token Deleted Low 📦 Veeam
Red Canary Threat Detection ⚠️ High 📦 Red Canary
Refactor AWS policy based on activities in the last 60 days High 📦 Authomize
Registries Alerts for Prancer ⚠️ High 📦 Prancer PenSuiteAI Integration
Registry Persistence via AppCert DLL Modification Medium 📦 Endpoint Threat Protection Essentials
Registry Persistence via AppInit DLLs Modification Medium 📦 Endpoint Threat Protection Essentials
Regsvr32 Rundll32 Image Loads Abnormal Extension High 📦 Microsoft Defender XDR
Regsvr32 Rundll32 with Anomalous Parent Process High 📦 Microsoft Defender XDR
Remote Desktop Network Brute force (ASIM Network Session schema) Medium 📦 Network Session Essentials
Remote Desktop Protocol - SharpRDP Medium 📦 FalconFriday
Remote File Creation with PsExec High 📦 Microsoft Defender XDR
Removable storage ONLINE event from secRMM High 📦 Squadra Technologies SecRmm
Rename System Utilities Medium 📦 FalconFriday
Request for single resource on domain ⚠️ Low 📦 Zscaler Internet Access
Response rows stateful anomaly on database Medium 📦 Azure SQL Database solution for sentinel
Restore Point Marked as Clean Informational 📦 Veeam
Restore Point Marked as Infected High 📦 Veeam
Risky user signin observed in non-Microsoft network device Medium 📄 Standalone Content
RSA ID Plus - Locked Administrator Account Detected Medium 📦 RSAIDPlus_AdminLogs_Connector
Rubrik Critical Anomaly Medium 📦 RubrikSecurityCloud
Rubrik Threat Monitoring Medium 📦 RubrikSecurityCloud
RunningRAT request parameters High 📄 Standalone Content

⚠️ Items marked with ⚠️ are not listed in their Solution JSON file. They were discovered by scanning solution folders.

