NISTSP80053

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

Attribute	Value
Type	Workbook
Solution	NISTSP80053
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
`AADUserRiskEvents`		✓	✗	✓
`AWSCloudTrail`		✓	✓	✓
`AWSVPCFlow`		✓	✓	✓
`AlertEvidence`	`Title contains "backdoor"` `Title contains "dos"` `Title contains "exploit"` `Title contains "file"` `Title contains "mining"` `Title contains "test"` `Title contains "tool"` `Title contains "ware"`	✓	✗	✓
`AuditLogs`	`OperationName contains "Delete"` `OperationName contains "PIM"` `OperationName contains "Remove"`	✓	✗	✓
`AzureActivity`	`ActivityStatusValue in "Succeeded,Success"` `OperationNameValue contains "cluster"` `OperationNameValue contains "insights"` `OperationNameValue contains "storage"` `OperationNameValue startswith "Microsoft.Logic"`	✗	✗	✗
`AzureDiagnostics` 🔶	`Category in "NetworkSecurityGroupEvent,kube-audit"` `Category contains "SQL"` `ResourceProvider == "MICROSOFT.KEYVAULT"` `ResourceType in "APPLICATIONGATEWAYS,AZUREFIREWALLS,CDNWEBAPPLICATIONFIREWALLPOLICIES,FRONTDOORS,PROFILES,PUBLICIPADDRESSES"`	✗	✗	✗
`CarbonBlack_Alerts_CL`		✗	✓	✗
`CommonSecurityLog`		✓	✓	✓
`ConfigurationChange`		✓	✗	?
`DeviceFileEvents`		✓	✗	?
`DnsEvents`		✓	✗	✓
`Dynamics365Activity`		✓	✗	✗
`EmailEvents`		✓	✗	✓
`GCP_IAM_CL` 🔶		?	✓	?
`Heartbeat`		?	✗	?
`IdentityInfo`		✓	✗	?
`OfficeActivity`	`Operation contains "file"`	✓	✗	✓
`Operation`		?	✗	?
`QualysHostDetectionV3_CL`		✓	✓	✓
`SecureScores`		✓	✗	?
`SecurityAlert`	`ProductName in "Azure Active Directory Identity Protection,Azure Security Center for IoT,Microsoft 365 Insider Risk Management"`	✓	✗	✓
`SecurityBaseline`	`AnalyzeResult in "Failed,Passed"` `RuleSetting contains "DisableLockScreenAppNotifications"` `RuleSetting contains "DisablePasswordReveal"` `RuleSetting contains "DisableRemovableDriveScanning"` `RuleSetting contains "EnableInstallerDetection"` `RuleSetting contains "EnableSmartScreen"` `RuleSetting contains "NoDriveTypeAutoRun"`	✓	✗	?
`SecurityEvent`		✓	✓	✓
`SecurityIncident`		✓	✗	✓
`SecurityRecommendation`	`RecommendationDisplayName contains "TPM"` `RecommendationState in "Healthy,Unhealthy"`	✓	✗	?
`SecurityRegulatoryCompliance`		✓	✗	?
`SigninLogs`		✓	✗	✓
`StorageBlobLogs`		✓	✗	✓
`Syslog`		✓	✓	✓
`ThreatIntelligenceIndicator`		✓	✓	✗
`Usage`		?	✗	?
`WindowsFirewall`		✓	✗	?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Workbooks · Back to NISTSP80053