Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This alert leverages Defender for IoT to detect an unusually high bandwidth which may be an indication of a new service/process or malicious activity on the network. An example scenario is a cyber threat attempting to manipulate the SCADA network.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | IoTOTThreatMonitoringwithDefenderforIoT |
| ID | caa4665f-21fa-462d-bb31-92226e746c68 |
| Severity | Low |
| Status | Available |
| Kind | Scheduled |
| Tactics | Discovery |
| Techniques | T0842 |
| Required Connectors | IoT |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
SecurityAlert |
AlertName in "ARP Spoofing,Abnormal Traffic Bandwidth,Abnormal Traffic Bandwidth Between Devices,ICMP Flooding"ProviderName == "IoTSecurity" |
✓ | ✗ | ✓ |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
↑ Back to Analytic Rules · Back to IoTOTThreatMonitoringwithDefenderforIoT