Contrast ADR - EDR Alert Correlation

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Correlates Contrast ADR incidents with specific high-risk attack patterns including command injection, deserialization attacks, and file upload vulnerabilities. This rule identifies confirmed security events that require immediate attention from security teams.

Attribute	Value
Type	Analytic Rule
Solution	ContrastADR
ID	c1c6ba64-134e-403b-b9a6-1bebc90809a4
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	Execution, DefenseEvasion, InitialAccess, CommandAndControl
Techniques	T1059, T1055, T1190, T1008
Required Connectors	ContrastADRCCF
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
ContrastADRAttackEvents_CL	?	✓	?
ContrastADRIncidents_CL	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to ContrastADR