Threat Essentials - Mass Cloud resource deletions Time Series Anomaly

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This query generates baseline pattern of cloud resource deletions by an user and generated anomaly when any unusual spike is detected. These anomalies from unusual or privileged users could be an indication of cloud infrastructure take-down by an adversary

Attribute	Value
Type	Analytic Rule
Solution	SecurityThreatEssentialSolution
ID	fa2658fe-3714-4c55-bb12-2b7275c628e8
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	Impact
Techniques	T1485
Required Connectors	AzureActivity
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
AzureActivity	OperationNameValue endswith "delete"	✗	✗	✗

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Analytic Rules · Back to SecurityThreatEssentialSolution