Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
'Identifies anomalous data transfer to public networks. The query leverages built-in KQL anomaly detection algorithms that detects large deviations from a baseline pattern. A sudden increase in data transferred to unknown public networks is an indication of data exfiltration attempts and should be investigated. The higher the score, the further it is from the baseline value. The output is aggregated to provide summary view of unique source IP to destination IP address and port bytes sent traffic
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | SecurityThreatEssentialSolution |
| ID | b49a1093-cbf6-4973-89ac-2eef98f533c6 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Exfiltration |
| Techniques | T1030 |
| Required Connectors | CiscoASA, CiscoAsaAma, PaloAltoNetworks, AzureMonitor(VMInsights) |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
Anomalies |
✓ | ✓ | ? |
CommonSecurityLog |
✓ | ✓ | ? |
VMConnection |
? | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
↑ Back to Analytic Rules · Back to SecurityThreatEssentialSolution