This query alerts on sign-ins from malware-infected devices that correlate with workspace deletion activity. After a successful compromise, attackers may delete workspaces containing compute instances to make services unavailable and disrupt regular business operations.

| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | a5b3429d-f1da-42b9-883c-327ecb7b91ff |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | InitialAccess, Impact |
| Techniques | T1078, T1489 |
| Required Connectors | AzureActiveDirectoryIdentityProtection, AzureActivity, BehaviorAnalytics |
| Source | View on GitHub |