Cyble Vision Alerts Compromised Files

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Detects compromised files containing credential or logon data (stealer logs) related to monitored entities. Uses Alerts_compromised_files parser to expose file paths, log objects, and extracted email identifiers.

Attribute	Value
Type	Analytic Rule
Solution	Cyble Vision
ID	0f6a8287-09ee-4f82-b8c3-e35c4ac6212e
Severity	Low
Status	Available
Kind	Scheduled
Tactics	CredentialAccess, Exfiltration
Techniques	T1552, T1041
Required Connectors	CybleVisionAlerts
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
CybleVisionAlerts_CL	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Cyble Vision