| Attribute | Value |
|---|---|
| Type | Workbook |
| Solution | ZeroTrust(TIC3.0) |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| AWSCloudTrail | | ✓ | ✓ | ✓ |
| AWSVPCFlow | | ✓ | ✓ | ✓ |
| AlertEvidence | Title contains "IDS"; Title contains "IPS"; Title contains "anomal"; Title contains "auth"; Title contains "behavior"; Title contains "data"; Title contains "deception"; Title contains "denial"; Title contains "detonation"; Title contains "dns"; Title contains "dos"; Title contains "dynamic"; Title contains "email"; Title contains "exfil"; Title contains "exploit"; Title contains "fusion"; Title contains "honeytoken"; Title contains "intrusion"; Title contains "learning"; Title contains "login"; Title contains "loss"; Title contains "mal"; Title contains "malware"; Title contains "password"; Title contains "phish"; Title contains "sand"; Title contains "url" | ✓ | ✗ | ✓ |
| AuditLogs | OperationName in "Add member to role,Add user,ApplicationGatewayFirewall,AzureFirewallIDSLog,AzureFirewallThreatIntelLog,NetworkSecurityGroupEvents,Reset user password,Update user"; OperationName contains "PIM" | ✓ | ✗ | ✓ |
| AzureActivity | ActivityStatusValue in "Succeeded,Success"; OperationNameValue startswith "Microsoft.Logic" | ✗ | ✗ | ✗ |
| AzureDiagnostics 🔶 | Category in "ApplicationGatewayFirewallLog,AzureFirewallApplicationRule,AzureFirewallDnsProxy,AzureFirewallNetworkRule,DDoSMitigationReports,FrontdoorWebApplicationFirewallLog,NetworkSecurityGroupEvent,WebApplicationFirewallLogs,kube-audit"; Category contains "SQL"; Resource == "SOC-NS-AG-WAFV2"; ResourceProvider == "MICROSOFT.KEYVAULT"; ResourceType in "APPLICATIONGATEWAYS,AZUREFIREWALLS,CDNWEBAPPLICATIONFIREWALLPOLICIES,FRONTDOORS,PROFILES,PUBLICIPADDRESSES"; msg_s !has ". Url"; msg_s !has "No rule matched"; msg_s !has "Reason:"; msg_s !has "Rule Collection"; msg_s !has "TLS extension was missing"; msg_s !has "Url"; msg_s !has "Web Category:"; msg_s has ". No rule matched"; msg_s has ". Url"; msg_s has "Reason:"; msg_s has "Rule Collection Group"; msg_s has "Url"; msg_s has "Web Category:" | ✗ | ✗ | ✗ |
| BehaviorAnalytics | | ✓ | ✗ | ? |
| CarbonBlack_Alerts_CL | | ✗ | ✓ | ✗ |
| CommonSecurityLog | | ✓ | ✓ | ✓ |
| DeviceRegistryEvents | | ✓ | ✗ | ? |
| DnsEvents | | ✓ | ✗ | ✓ |
| Dynamics365Activity | | ✓ | ✗ | ✗ |
| EmailAttachmentInfo | | ✓ | ✗ | ? |
| EmailEvents | ActionType in "Add member to role,Add user,InteractiveLogon,RemoteInteractiveLogon,Reset user password,ResourceAccess,Sign-in,Update user" | ✓ | ✗ | ✓ |
| EmailUrlInfo | | ✓ | ✗ | ? |
| GCP_IAM_CL 🔶 | | ? | ✓ | ? |
| IdentityInfo | | ✓ | ✗ | ? |
| InformationProtectionLogs_CL 🔶 | | ? | ✓ | ? |
| OfficeActivity | RecordType == "MicrosoftTeams" | ✓ | ✗ | ✓ |
| Operation | | ? | ✗ | ? |
| QualysHostDetectionV3_CL | | ✓ | ✓ | ✓ |
| SecurityAlert | AlertName contains "mal"; Entities contains "Fail"; Entities contains "inbound"; Entities contains "outbound"; ProductName in "Azure Active Directory Identity Protection,Azure Security Center for IoT,Microsoft 365 Insider Risk Management" | ✓ | ✗ | ✓ |
| SecurityBaseline | AnalyzeResult in "Failed,Passed" | ✓ | ✗ | ? |
| SecurityEvent | | ✓ | ✓ | ✓ |
| SecurityIncident | | ✓ | ✗ | ✓ |
| SecurityRecommendation | RecommendationDisplayName contains "JIT"; RecommendationDisplayName contains "Just"; RecommendationDisplayName contains "VPC"; RecommendationDisplayName contains "Web Application Firewall"; RecommendationDisplayName contains "account"; RecommendationDisplayName contains "adaptive"; RecommendationDisplayName contains "admin"; RecommendationDisplayName contains "application gateway"; RecommendationDisplayName contains "audit"; RecommendationDisplayName contains "authentication"; RecommendationDisplayName contains "authorized"; RecommendationDisplayName contains "automation"; RecommendationDisplayName contains "back"; RecommendationDisplayName contains "balance"; RecommendationDisplayName contains "cert"; RecommendationDisplayName contains "certificate"; RecommendationDisplayName contains "config"; RecommendationDisplayName contains "deception"; RecommendationDisplayName contains "defender"; RecommendationDisplayName contains "denial"; RecommendationDisplayName contains "disaster"; RecommendationDisplayName contains "dns"; RecommendationDisplayName contains "encrypt"; RecommendationDisplayName contains "endpoint protection"; RecommendationDisplayName contains "express"; RecommendationDisplayName contains "firewall"; RecommendationDisplayName contains "geo"; RecommendationDisplayName contains "guest"; RecommendationDisplayName contains "honey"; RecommendationDisplayName contains "identity"; RecommendationDisplayName contains "java"; RecommendationDisplayName contains "load"; RecommendationDisplayName contains "log"; RecommendationDisplayName contains "logic"; RecommendationDisplayName contains "malware"; RecommendationDisplayName contains "network access"; RecommendationDisplayName contains "network gateway"; RecommendationDisplayName contains "network security group"; RecommendationDisplayName contains "notification"; RecommendationDisplayName contains "password"; RecommendationDisplayName contains "patch"; RecommendationDisplayName contains "playbook"; RecommendationDisplayName contains "private"; RecommendationDisplayName contains "privilege"; RecommendationDisplayName contains "protected by Azure Firewall"; RecommendationDisplayName contains "proxy"; RecommendationDisplayName contains "recover"; RecommendationDisplayName contains "redundant"; RecommendationDisplayName contains "region"; RecommendationDisplayName contains "safe"; RecommendationDisplayName contains "scale"; RecommendationDisplayName contains "security group"; RecommendationDisplayName contains "segment"; RecommendationDisplayName contains "shared"; RecommendationDisplayName contains "subnet"; RecommendationDisplayName contains "update"; RecommendationDisplayName contains "upgrade"; RecommendationDisplayName contains "version"; RecommendationDisplayName contains "vpn"; RecommendationDisplayName contains "vuln"; RecommendationDisplayName contains "watcher"; RecommendationDisplayName contains "web apps"; RecommendationState in "Healthy,Unhealthy" | ✓ | ✗ | ? |
| SigninLogs | AppDisplayName has_any "teams" | ✓ | ✗ | ✓ |
| StorageTableLogs | | ✓ | ✗ | ✓ |
| Syslog | | ✓ | ✓ | ✓ |
| ThreatIntelligenceIndicator | | ✓ | ✓ | ✗ |
| Usage | | ? | ✗ | ? |
| VMConnection | | ? | ✗ | ? |
| WindowsFirewall | | ✓ | ✗ | ? |