Valimail Enforce - Configuration Change Rate Trend



Hunt for configuration change and user addition activity grouped by user and domain over hourly buckets. Use this to establish baselines, spot unusual spikes, and investigate specific users or domains flagged by the corresponding analytics rule.

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | ValimailEnforce |
| ID | ce30ce49-2eaf-483c-85cd-c27a645d5355 |
| Tactics | Impact, DefenseEvasion, PrivilegeEscalation |
| Techniques | T1562, T1098, T1078 |
| Required Connectors | ValimailEnforce |
| Source | View on GitHub |

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
ValimailEnforceEvents_CL ? ?
