Vectra Account's Behaviors

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This analytic rule is looking for new attacker behaviors observed by the Vectra Platform. This rule is focused on account's detections.

Attribute	Value
Type	Analytic Rule
Solution	Vectra AI Detect
ID	ce54b5d3-4c31-4eaf-a73e-31412270b6ab
Severity	Informational
Status	Available
Kind	Scheduled
Tactics	CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact
Techniques	T1003, T1087, T1021, T1119, T1071, T1041, T1499
Required Connectors	CefAma
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
CommonSecurityLog	DeviceEventClassID != "asc" DeviceEventClassID != "audit" DeviceEventClassID != "campaigns" DeviceEventClassID != "health" DeviceEventClassID != "hsc" DeviceProduct == "X Series" DeviceVendor == "Vectra Networks"	✓	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Vectra AI Detect