AzureSecurityBenchmark

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

Attribute	Value
Type	Workbook
Solution	AzureSecurityBenchmark
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
`AADManagedIdentitySignInLogs`		✓	✗	✓
`AADNonInteractiveUserSignInLogs`		✓	✗	✓
`AADServicePrincipalSignInLogs`		✓	✗	✓
`AADUserRiskEvents`		✓	✗	✓
`AuditLogs`	`OperationName in "Add member to role,Add user,AzureFirewallIDSLog,NetworkSecurityGroupEvents,Reset user password,Update user"` `OperationName contains "PIM"` `OperationName contains "create"` `OperationName contains "delete"` `OperationName contains "lockbox"` `OperationName contains "remove"` `OperationName contains "update"`	✓	✗	✓
`AzureActivity`	`ActivityStatusValue in "Succeeded,Success"` `OperationNameValue contains "recovery"` `OperationNameValue startswith "Microsoft.KeyVault"` `OperationNameValue startswith "Microsoft.Logic"`	✗	✗	✗
`AzureDevOpsAuditing`		✓	✗	?
`AzureDiagnostics` 🔶	`Category in "All,AzureFirewallNetworkRule,NetworkSecurityGroupRuleCounter"` `ResourceProvider == "MICROSOFT.KEYVAULT"` `ResourceType == "AZUREFIREWALLS"` `msg_s !has ". Rule Collection:"` `msg_s !has "DNAT"` `msg_s !has "Policy:"` `msg_s !has "Rule Collection:"` `msg_s !has "Type="` `msg_s has ". Rule Collection:"` `msg_s has "DNAT"` `msg_s has "Policy:"` `msg_s has "Rule Collection:"` `msg_s has "Type="`	✗	✗	✗
`BehaviorAnalytics`		✓	✗	?
`Event`		✓	✓	✗
`GitHubAuditLogPolling_CL`		✓	✓	✓
`IdentityInfo`		✓	✗	?
`InformationProtectionLogs_CL` 🔶		?	✓	?
`ProtectionStatus`		✓	✗	?
`SecurityAlert`	`AlertName contains "auth"` `AlertName contains "cert"` `AlertName contains "cred"` `AlertName contains "password"` `AlertName contains "secret"` `ProviderName == "IPC"`	✓	✗	✓
`SecurityBaseline`	`AnalyzeResult in "Failed,Passed"`	✓	✗	?
`SecurityEvent`	`Account !contains "ANONYMOUS LOGON"` `AuthenticationPackageName == "NTLM"` `EventID in "2889,3000,4624,4768,4769,4776"` `LmPackageName == "NTLM V1"` `PackageName contains "WDigest"`	✓	✓	✓
`SecurityIncident`		✓	✗	✓
`SecurityNestedRecommendation`		✓	✗	?
`SecurityRegulatoryCompliance`		✓	✗	?
`SigninLogs`		✓	✗	✓

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Workbooks · Back to AzureSecurityBenchmark