This query utilizes built-in KQL anomaly detection algorithms to identify anomalous data transfers to public networks. It detects significant deviations from a baseline pattern, allowing the detection of sudden increases in data transferred to unknown public networks, which may indicate data exfiltration attempts. Investigating such anomalies is crucial. The score indicates the degree to which the data transfer deviates from the baseline value. A higher score indicates a greater deviation. The
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Web Session Essentials |
| ID | 5965d3e7-8ed0-477c-9b42-e75d9237fab0 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Exfiltration |
| Techniques | T1030 |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| Anomalies | ✓ | ✓ | ? |
| WebSession_Summarized_SrcIP_CL 🔶 | ? | ✓ | ? |