This rule joins SecurityAlert to SecurityIncident to associate security alerts and incidents with user accounts. This aligns all Microsoft alerting products with the Microsoft incident-generating products (Microsoft Sentinel, Microsoft 365 Defender) to produce a count of security incidents per user over time. The default threshold is 5 security incidents and is customizable to the organization's requirements. Results include UserPrincipalName (UPN), SecurityIncident, LastIncident, ProductName, LastObservedTi
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | MicrosoftPurviewInsiderRiskManagement |
| ID | 28a75d10-9b75-4192-9863-e452c3ad24db |
| Severity | High |
| Kind | Scheduled |
| Tactics | Execution |
| Techniques | T1204 |
| Required Connectors | MicrosoftDefenderAdvancedThreatProtection, AzureActiveDirectoryIdentityProtection, AzureSecurityCenter, IoT, MicrosoftCloudAppSecurity, OfficeATP |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| SecurityIncident | ✓ | ✗ | ✓ |
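The description above outlines the detection logic but the page does not carry the rule's query. The following KQL is an added reconstruction of that logic, written here for illustration; it is not the rule's own query from the solution. Column names follow the SecurityIncident and SecurityAlert table schemas (AlertIds, IncidentNumber, SystemAlertId, ProductName, Entities), while the 30-day lookback, the 5-incident threshold as a `let`, and the parsing of account entities from the Entities JSON (Name plus UPNSuffix) are assumptions you should check against your own data before deploying.

```kql
// Added example: a reconstruction of the logic the description outlines, not the
// rule's own query. Column names follow the SecurityIncident and SecurityAlert
// schemas; the threshold and 30-day lookback are assumptions to tune per tenant.
let threshold = 5;      // default from the description; customize per organization
let lookback = 30d;     // assumed window; the real rule sets its own query period
SecurityIncident
| where TimeGenerated > ago(lookback)
// SecurityIncident holds one row per incident update, and AlertIds is a JSON array
// of SecurityAlert.SystemAlertId values; expand it so each alert joins separately.
| mv-expand AlertId = AlertIds to typeof(string)
| join kind=inner (
    SecurityAlert
    | where TimeGenerated > ago(lookback)
    // Entities is a JSON string; pull the account entities out of it.
    | extend EntityList = todynamic(Entities)
    | mv-expand Entity = EntityList
    | where tostring(Entity.Type) == "account"
    | where isnotempty(Entity.Name) and isnotempty(Entity.UPNSuffix)
    | extend UserPrincipalName = tolower(strcat(tostring(Entity.Name), "@", tostring(Entity.UPNSuffix)))
    | project SystemAlertId, ProductName, UserPrincipalName
  ) on $left.AlertId == $right.SystemAlertId
// dcount on IncidentNumber so repeated incident updates and alert/entity fan-out
// are not counted as extra incidents for the same user.
| summarize SecurityIncident = dcount(IncidentNumber),
            ProductName = make_set(ProductName),
            arg_max(TimeGenerated, Title)
    by UserPrincipalName
| where SecurityIncident >= threshold
| project UserPrincipalName, SecurityIncident, LastIncident = Title,
          ProductName, LastObservedTime = TimeGenerated
// Account entity mapping (Name + UPNSuffix), as Sentinel's entity mapping expects.
| extend AccountName = tostring(split(UserPrincipalName, "@")[0]),
         AccountUPNSuffix = tostring(split(UserPrincipalName, "@")[1])
```

Two things to verify in your workspace before relying on a query shaped like this: SecurityIncident only contains Microsoft 365 Defender incidents when the Microsoft 365 Defender connector's incident integration is enabled, and the same incident appears in SecurityIncident many times as its status and owner change, which is why the count uses dcount(IncidentNumber) rather than count().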