Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
'This alert joins SecurityAlerts to SecurityIncidents to associate Security Alerts and Incidents with user accounts. This aligns all Microsoft Alerting Products with Microsoft Incident Generating Products (Microsoft Sentinel, M365 Defender) for a count of user security incidents over time. The default threshold is 5 security incidents, and this is customizable per the organization's requirements. Results include UserPrincipalName (UPN), SecurityIncident, LastIncident, ProductName, LastObservedTi
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | MicrosoftPurviewInsiderRiskManagement |
| ID | 28a75d10-9b75-4192-9863-e452c3ad24db |
| Severity | High |
| Kind | Scheduled |
| Tactics | Execution |
| Techniques | T1204 |
| Required Connectors | MicrosoftDefenderAdvancedThreatProtection, AzureActiveDirectoryIdentityProtection, AzureSecurityCenter, IoT, MicrosoftCloudAppSecurity, IoT, OfficeATP |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
SecurityIncident |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
↑ Back to Analytic Rules · Back to MicrosoftPurviewInsiderRiskManagement