This analytic rule looks for new alert evidence from Microsoft Defender for Endpoint. Its intent is to create an entry in the SecurityAlert table for each new piece of alert evidence attached to an entity of type Device or User monitored by Defender for Endpoint.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Vectra XDR |
| ID | 8138863e-e55f-4f02-ac94-72796e203d27 |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | Persistence |
| Techniques | T1546 |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| AlertEvidence | ✓ | ✗ | ? |