| Attribute | Value |
|---|---|
| Type | Workbook |
| Solution | SOC Handbook |
| Source | View on GitHub |

This content item queries data from the following tables:

| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| AWSCloudTrail | | ✓ | ✓ | ? |
| AuditLogs | `OperationName == "Consent to application"`<br>`OperationName == "Disable Strong Authentication"`<br>`OperationName contains "password"` | ✓ | ✗ | ? |
| AzureActivity | | ? | ✗ | ? |
| BehaviorAnalytics | | ✓ | ✗ | ? |
| CommonSecurityLog | | ✓ | ✓ | ? |
| DeviceLogonEvents | | ✓ | ✗ | ? |
| DnsEvents | | ✓ | ✗ | ? |
| HuntingBookmark | | ✓ | ✗ | ? |
| IdentityInfo | | ✓ | ✗ | ? |
| OfficeActivity | | ✓ | ✗ | ? |
| Operation | | ? | ✗ | ? |
| ProtectionStatus | | ✓ | ✗ | ? |
| SecurityAlert | | ✓ | ✗ | ? |
| SecurityBaseline | | ✓ | ✗ | ? |
| SecurityBaselineSummary | | ✓ | ✗ | ? |
| SecurityEvent | `EventID in "1102,4624,4625,4688,4719,4720,4723,4724,4768,4771,4776"` | ✓ | ✓ | ? |
| SecurityIncident | | ✓ | ✗ | ? |
| SigninLogs | | ✓ | ✗ | ? |
| Syslog | | ✓ | ✓ | ? |
| ThreatIntelligenceIndicator | | ✓ | ✓ | ? |
| Update | | ✓ | ✗ | ? |
| UpdateSummary | | ✓ | ✗ | ? |
| Usage | | ? | ✗ | ? |