Detects Microsoft Sentinel incidents tagged as SOCRadar that were closed more than 30 minutes ago but do not have the Synced tag. This may indicate the SOCRadar-Alarm-Sync playbook has failed to update the SOCRadar platform with the closure status.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | SOCRadar |
| ID | 6e2f8d4b-5a71-4c9e-b3f6-8a1c9d4e7b2a |
| Severity | Low |
| Status | Available |
| Kind | Scheduled |
| Tactics | Discovery |
| Techniques | T1526 |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| SecurityIncident | ✓ | ✗ | ? |