Vectra Host's Behaviors

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

This analytic rule is looking for new attacker behaviors observed by the Vectra Platform. This rule is focused on host's detections.

Attribute	Value
Type	Analytic Rule
Solution	Vectra AI Detect
ID	`33e3b6da-2660-4cd7-9032-11be76db88d2`
Severity	Informational
Status	Available
Kind	Scheduled
Tactics	CredentialAccess, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration, Impact
Techniques	T1003, T1087, T1021, T1119, T1071, T1041, T1499
Required Connectors	CefAma
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
`CommonSecurityLog`	`DeviceEventClassID != "asc"` `DeviceEventClassID != "audit"` `DeviceEventClassID != "campaigns"` `DeviceEventClassID != "health"` `DeviceEventClassID != "hsc"` `DeviceProduct == "X Series"` `DeviceVendor == "Vectra Networks"`	✓	✓	?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Vectra AI Detect