This analytic rule detects when the Votiro Sanitization Engine blocks a file because of a specific policy, and notifies the appropriate parties so that they can take appropriate action. The alert message states that a file with a specific name and hash value was blocked by the Votiro Sanitization Engine due to a specific policy name, and that more details can be found at a specific incident URL.

| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Votiro |
| ID | 17bf3780-ae0d-4cd9-a884-5df8b687f3f5 |
| Severity | Low |
| Kind | Scheduled |
| Tactics | DefenseEvasion, Discovery, Impact |
| Techniques | T1036, T1083, T1057, T1082, T1565, T1498, T0837 |
| Required Connectors | Votiro, CefAma |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| CommonSecurityLog | DeviceProduct == "Votiro cloud"; DeviceVendor == "Votiro" | ✓ | ✓ | ? |