SOXITCompliance

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Content Index

Attribute Value
Type Workbook
Solution SOX IT Compliance
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Selection Criteria Transformations Ingestion API Lake-Only
AuditLogs
AzureActivity
CommonSecurityLog DeviceVendor has_any "CrowdStrike,Microsoft,Qualys,Tripwire"
Message has_any "change"
Message has_any "record modified"
ConfigurationChange ?
Heartbeat ? ?
IdentityDirectoryEvents ActionType in "DirectoryRoleMembershipChanged,GroupMembershipChanged,PrivilegeEscalation,SensitiveAccountChanged,UserAccountControlChanged" ?
OfficeActivity Operation in "AddFolderPermissions,AddedToGroup,GroupAdded,MemberAdded,MemberRemoved,MemberRoleChanged,ModifyFolderPermissions,PermissionLevelAdded,Remove-ConditionalAccessPolicy,Set-ConditionalAccessPolicy,SharingSet"
Operation ? ?
SecurityEvent EventID in "1100,1102,1104,1240,1241,1242,4656,4657,4660,4663,4670,4688,4719,4720,4726,4732,4739,4754,4907"
ObjectName has_any "xlsx"
SigninLogs OperationName has_any "Add directory role member,Add member to role,Add user,Create user,Role assignment,Update user"
OperationName has_any "directory write,policy update,role assignment,role update"
Syslog SyslogMessage has_any "ALTER TABLE,CREATE TABLE,DROP TABLE,database modified,schema change"
SyslogMessage has_any "auditd stopped,logging stopped,rsyslog stopped,syslog stopped"
SyslogMessage has_any "change,config,edit,modified,updated"
SyslogMessage has_any "change,config,modified,registry,updated"
SyslogMessage has_any "checksum mismatch,file deleted,file modified,file tamper"

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Workbooks · Back to SOX IT Compliance