Correlates IPs blocked by a Cisco firewall appliance with successful Microsoft Entra ID sign-ins. Because the firewall blocked the IP, a successful Entra ID sign-in from that same IP is potentially suspect and could indicate credential compromise for the user account.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | 157c0cfc-d76d-463b-8755-c781608cdc1a |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | InitialAccess |
| Techniques | T1078 |
| Required Connectors | CiscoASA, AzureActiveDirectory, AzureActiveDirectory |