| Attribute | Value |
|---|---|
| Type | Workbook |
| Solution | SOC Handbook |
| Source | View on GitHub |

This content item queries data from the following tables:

| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| AWSCloudTrail | | ✓ | ✓ | ✓ |
| AuditLogs | AdditionalDetails contains "fraud"<br>OperationName == "Consent to application"<br>OperationName == "Disable Strong Authentication"<br>OperationName contains "password" | ✓ | ✗ | ✓ |
| AzureActivity | | ✗ | ✗ | ✗ |
| BehaviorAnalytics | | ✓ | ✗ | ? |
| CommonSecurityLog | | ✓ | ✓ | ✓ |
| DeviceLogonEvents | | ✓ | ✗ | ? |
| DnsEvents | ResultCode == "0" | ✓ | ✗ | ✓ |
| HuntingBookmark | | ✓ | ✗ | ? |
| IdentityInfo | | ✓ | ✗ | ? |
| OfficeActivity | Operation in "New-InboxRule,Set-Mailbox" | ✓ | ✗ | ✓ |
| Operation | | ? | ✗ | ? |
| ProtectionStatus | | ✓ | ✗ | ? |
| SecurityAlert | | ✓ | ✗ | ✓ |
| SecurityBaseline | AnalyzeResult == "Failed" | ✓ | ✗ | ? |
| SecurityBaselineSummary | | ✓ | ✗ | ? |
| SecurityEvent | AccountType != "Computer"<br>AccountType != "Machine"<br>ErrorCode == "500121"<br>EventID in "1102,4624,4625,4688,4719,4720,4723,4724,4768,4771,4776"<br>TargetAccount !contains "NT AUTHORITY"<br>TargetAccount !endswith "$" | ✓ | ✓ | ✓ |
| SecurityIncident | | ✓ | ✗ | ✓ |
| SigninLogs | AppDisplayName == "Windows Sign In" | ✓ | ✗ | ✓ |
| Syslog | | ✓ | ✓ | ✓ |
| ThreatIntelligenceIndicator | | ✓ | ✓ | ✗ |
| Update | Classification != "Feature Packs"<br>UpdateState != "Installed" | ✓ | ✗ | ? |
| UpdateSummary | | ✓ | ✗ | ? |
| Usage | | ? | ✗ | ? |