Analytic Rules - U

47 analytic rules starting with 'U'.



Source: 📦 Solution | 📄 Standalone | 🔗 GitHub Only

| Name | Severity | Source |
|---|---|---|
| Ubiquiti - Connection to known malicious IP or C2 | Medium | 📦 Ubiquiti UniFi |
| Ubiquiti - connection to non-corporate DNS server | Medium | 📦 Ubiquiti UniFi |
| Ubiquiti - Large ICMP to external server | Medium | 📦 Ubiquiti UniFi |
| Ubiquiti - Possible connection to cryptominning pool | Medium | 📦 Ubiquiti UniFi |
| Ubiquiti - RDP from external source | Medium | 📦 Ubiquiti UniFi |
| Ubiquiti - SSH from external source | Medium | 📦 Ubiquiti UniFi |
| Ubiquiti - Unknown MAC Joined AP | Medium | 📦 Ubiquiti UniFi |
| Ubiquiti - Unusual DNS connection | Medium | 📦 Ubiquiti UniFi |
| Ubiquiti - Unusual FTP connection to external server | Medium | 📦 Ubiquiti UniFi |
| Ubiquiti - Unusual traffic | Medium | 📦 Ubiquiti UniFi |
| Unauthorized device in the network (Microsoft Defender for IoT) | Medium | 📦 IoTOTThreatMonitoringwithDefenderforIoT |
| Unauthorized DHCP configuration in the network (Microsoft Defender for IoT) | Medium | 📦 IoTOTThreatMonitoringwithDefenderforIoT |
| Unauthorized EC2 Instance Setup Attempt | Medium | 📦 Amazon Web Services |
| Unauthorized PLC changes (Microsoft Defender for IoT) | Medium | 📦 IoTOTThreatMonitoringwithDefenderforIoT |
| Unauthorized remote access to the network (Microsoft Defender for IoT) | Medium | 📦 IoTOTThreatMonitoringwithDefenderforIoT |
| Unauthorized user access across AWS and Azure | Medium | 📦 Multi Cloud Attack Coverage Essentials - Resource Abuse |
| Unused IaaS Policy | High | 📦 Authomize |
| Unusual Anomaly | Medium | 🔗 GitHub Only |
| Unusual identity creation using exchange powershell | High | 📄 Standalone Content |
| Unusual Volume of file deletion by users | High | 📦 Microsoft Defender XDR |
| Unusual Volume of Password Updated or Removed | Low | 📦 Lastpass Enterprise Activity Monitoring |
| URL Added to Application from Unknown Domain | High | 📄 Standalone Content |
| User Accessed Suspicious URL Categories | Medium | 📦 SymantecProxySG |
| User account added to built in domain local or global group | Low | 📄 Standalone Content |
| User account created and deleted within 10 mins | Medium | 📄 Standalone Content |
| User Account Created Using Incorrect Naming Format | Low | 📄 Standalone Content |
| User account created without expected attributes defined | Low | 📄 Standalone Content |
| User account enabled and disabled within 10 mins | Medium | 📄 Standalone Content |
| User Accounts - Sign in Failure due to CA Spikes | Medium | 📦 Microsoft Entra ID |
| User Added to Admin Role | Low | 📦 Business Email Compromise - Financial Fraud |
| User added to Microsoft Entra ID Privileged Groups | Medium | 📦 Microsoft Entra ID |
| User agent search for log4j exploitation attempt | High | 📦 Apache Log4j Vulnerability Detection |
| User Assigned New Privileged Role | High | 📦 Microsoft Entra ID |
| User assigned to a default admin role | High | 📦 Authomize |
| User IAM Enumeration | Medium | 📦 Amazon Web Services |
| User impersonation by Identity Protection alerts | Medium | 📦 Multi Cloud Attack Coverage Essentials - Resource Abuse |
| User joining Zoom meeting from suspicious timezone | Low | 📄 Standalone Content |
| User Login from Different Countries within 3 hours | High | 📦 Okta Single Sign-On |
| User login from different countries within 3 hours (Uses Authentication Normalization) | High | 📄 Standalone Content |
| User or Group Added | High | 📦 Veeam |
| User or Group Deleted | High | 📦 Veeam |
| User Session Impersonation(Okta) | Medium | 📦 Okta Single Sign-On |
| User Sign in from different countries | Medium | 📦 Salesforce Service Cloud |
| User State changed from Guest to Member | Medium | 📄 Standalone Content |
| User without MFA | Medium | 📦 Authomize |
| UserAccountDisabled | Medium | 📦 SenservaPro |
| Users searching for VIP user activity | Low | 📄 Standalone Content |
