Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Identifies attack pattern when attacker tries to move, or scan, from resource to resource on the network and creates an incident when a source has more than 1 registered deny action in Azure Firewall.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Azure Firewall |
| ID | f8dad4e9-3f19-4d70-ab7f-8f19ccd43a3e |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Discovery, LateralMovement, CommandAndControl |
| Techniques | T1046, T1071, T1210 |
| Required Connectors | AzureFirewall |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
AZFWApplicationRule |
✓ | ✗ | ? |
AZFWFlowTrace |
✓ | ✗ | ? |
AZFWIdpsSignature |
✓ | ✗ | ? |
AZFWNetworkRule |
✓ | ✗ | ? |
AzureDiagnostics 🔶 |
? | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊