Identifies and alerts on internal employee accounts that have been compromised, based on CYFIRMA's threat intelligence. This rule captures the latest exposure of user credentials, IP addresses, hostnames, operating systems, and pass hashes observed in the threat feed. It supports rapid detection and investigation of phishing, stealer malware, and insider compromise scenarios.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Cyfirma Compromised Accounts |
| ID | 72d3fb86-d1eb-44d6-9352-170c6bb45bb7 |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | CredentialAccess, InitialAccess, Persistence |
| Techniques | T1003, T1552, T1078, T1098 |
| Required Connectors | CyfirmaCompromisedAccountsDataConnector |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| CyfirmaCompromisedAccounts_CL | ? | ✓ | ? |