Risky user signin observed in non-Microsoft network device — Solutions Analyzer

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

This content is utilized to identify instances of successful login by risky users, who have been observed engaging in potentially suspicious network activity on non-Microsoft network devices.

Attribute	Value
Type	Analytic Rule
Solution	Standalone Content
ID	`042f2801-a375-4cfd-bd29-041fc7ed88a0`
Severity	Medium
Kind	Scheduled
Tactics	CommandAndControl
Techniques	T1071
Required Connectors	AzureActiveDirectory, PaloAltoNetworks, Fortinet, CheckPoint, Zscaler
Source	View on GitHub

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Analytic Rules