Threat Essentials - Mass Cloud resource deletions Time Series Anomaly

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

This query generates baseline pattern of cloud resource deletions by an user and generated anomaly when any unusual spike is detected. These anomalies from unusual or privileged users could be an indication of cloud infrastructure take-down by an adversary

Attribute	Value
Type	Analytic Rule
Solution	SecurityThreatEssentialSolution
ID	`fa2658fe-3714-4c55-bb12-2b7275c628e8`
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	Impact
Techniques	T1485
Required Connectors	AzureActivity
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
`AzureActivity`	?	✗	?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to SecurityThreatEssentialSolution