Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Identifies source IP that abnormally connects to multiple destinations according to learning period activity. This can indicate initial access attempts by attackers, trying to jump between different machines in the organization.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Azure Firewall |
| ID | d006f4f8-86bb-4c9d-9826-837762ddad6b |
| Tactics | CommandAndControl, LateralMovement |
| Techniques | T1021, T1570 |
| Required Connectors | AzureFirewall |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
AZFWApplicationRule |
✓ | ✗ | ✓ |
AZFWNetworkRule |
✓ | ✗ | ✓ |
AzureDiagnostics 🔶 |
✗ | ✗ | ✗ |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊