Infoblox - Data Exfiltration Attack

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Data exfiltration attack detected by Infoblox Threat Insight. Customize query count, scheduling, responses and more. This rule depends on a parser based on a Kusto Function to work as expected called InfobloxCDC.

Attribute	Value
Type	Analytic Rule
Solution	Infoblox Cloud Data Connector
ID	8db2b374-0337-49bd-94c9-cfbf8e5d83ad
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	Impact
Techniques	T1498, T1565
Required Connectors	CefAma
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
CommonSecurityLog	DeviceEventClassID has "RPZ" DeviceProduct == "Data Connector" DeviceVendor == "Infoblox"	✓	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Infoblox Cloud Data Connector