Sonrai Ticket Risk Accepted

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Checks if Sonrai tickets have had their risk accepted. It uses the action type to check if a ticket has had it's risk accepted

Attribute	Value
Type	Analytic Rule
Solution	SonraiSecurity
ID	080191e8-271d-4ae6-85ce-c7bcd4b06b40
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation
Techniques	T1566, T1059, T1547, T1548, T1562, T1003, T1087, T1021, T1119, T1071, T1041, T1499
Required Connectors	SonraiDataConnector
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
Sonrai_Tickets_CL 🔶	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to SonraiSecurity