This summary rule aggregates network session data using the ASIM-normalized `_Im_NetworkSession` function. It creates hourly summaries of traffic grouped by source port, network direction, and device action. The output helps identify traffic patterns by port usage and action types over time, enabling efficient detection of unusual behavior or port-based anomalies.

| Attribute | Value |
|---|---|
| Type | Summary Rule |
| Solution | Network Session Essentials |
| ID | 1347d3bc-080a-49bf-a1f0-b430a5fa6475 |
| Required Connectors | AWSS3, MicrosoftThreatProtection, SecurityEvents, WindowsSecurityEvents, WindowsForwardedEvents, Zscaler, MicrosoftSysmonForLinux, PaloAltoNetworks, AzureMonitor(VMInsights), AzureFirewall, AzureNSG, CiscoASA, CiscoAsaAma, Corelight, AIVectraStream, CheckPoint, Fortinet, CiscoMeraki |