Create an incident when an Account is suspected to be compromised. The higher the severity level, the more immediate attention it requires, as the Vectra AI engine is more confident that this is a real threat. Severity levels are: Low, Medium, High, Critical. The recommended configuration is to trigger an alert for at least High and Critical.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Vectra AI Detect |
| ID | 321f9dbd-64b7-4541-81dc-08cf7732ccb0 |
| Severity | Informational |
| Status | Available |
| Kind | Scheduled |
| Tactics | CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact |
| Techniques | T1003, T1087, T1021, T1119, T1071, T1041, T1499 |
| Required Connectors | CefAma |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| CommonSecurityLog | DeviceEventClassID == "asc"<br>DeviceProduct == "X Series"<br>DeviceVendor == "Vectra Networks" | ✓ | ✓ | ? |