Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Detects a successful logon by a privileged account from an ASN not logged in from in the last 14 days. Monitor these logons to ensure they are legitimate and identify if there are any similar sign ins.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | 55073036-bb86-47d3-a85a-b113ac3d9396 |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | DefenseEvasion |
| Techniques | T1078.004 |
| Required Connectors | AzureActiveDirectory, BehaviorAnalytics, BehaviorAnalytics |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
IdentityInfo |
✓ | ✗ | ? |
SigninLogs |
✓ | ✗ | ? |
The following connectors provide data for this content item:
| Connector | Solution |
|---|---|
| AzureActiveDirectory | Microsoft Entra ID |
Solutions: Microsoft Entra ID
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊