GDPRComplianceAndDataSecurity

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Content Index

Attribute Value
Type Workbook
Solution GDPR Compliance & Data Security
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Selection Criteria Transformations Ingestion API Lake-Only
AADNonInteractiveUserSignInLogs
AADUserRiskEvents
Anomalies ?
AuditLogs OperationName in "Add member to role,Add user,Consent to application,Reset user password,Update user"
OperationName == "Sign-in activity"
OperationName != "Consent to application"
AzureDiagnostics 🔶 Category == "SQLSecurityAuditEvents"
ResourceType == "SERVERS/DATABASES"
BehaviorAnalytics ActivityInsights has "True" ?
LAQueryLogs RequestClientApp != "Sentinel-General" ?
MicrosoftPurviewInformationProtection LabelName !in "General"
OfficeActivity ClientInfoString == "Client=Microsoft.Exchange.Powershell; Microsoft WinRM Client"
ExternalAccess == "True"
Logon_Type != "Owner"
OfficeObjectId has ".exe."
OfficeWorkload == "Exchange"
OfficeWorkload in "AzureActiveDirectory,MicrosoftTeams"
OfficeWorkload has_any "Exchange,OneDrive"
OfficeWorkload has_any "OneDrive,SharePoint"
Parameters contains "ForwardTo"
Parameters has "Deleted Items"
Parameters has "Junk Email"
RecordType in "ExchangeAdmin,SharePointFileOperation"
SourceRelativeUrl has "Microsoft Teams Chat Files"
Operation ? ?
PurviewDataSensitivityLogs
SecurityAlert AlertName contains "PII"
AlertName contains "confidential"
AlertName contains "intellectual"
AlertName contains "leak"
AlertName contains "sensitive"
AlertName contains "spill"
AlertName contains "steal"
AlertName contains "theft"
Tactics contains "exfil"
SecurityEvent
SecurityIncident
SigninLogs
Syslog

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Workbooks · Back to GDPR Compliance & Data Security