Sign-ins from Nord VPN Providers

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

This query tracks sign-ins via Nord VPN using a daily-updated API. Investigate unfamiliar sign-ins from VPNs unless common in your organization. It now includes UEBA logs IdentityInfo and BehaviorAnalytics for context.

Attribute Value
Type Hunting Query
Solution Cloud Identity Threat Protection Essentials
ID cdc9b092-8a16-4559-9e5e-831877e8209a
Tactics InitialAccess
Techniques T1078
Required Connectors AzureActiveDirectory, BehaviorAnalytics, BehaviorAnalytics
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
BehaviorAnalytics ?
IdentityInfo ?
SigninLogs ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Hunting Queries · Back to Cloud Identity Threat Protection Essentials