⚠️ Authomize

⚠️ Unpublished: This item is from a solution that is not yet published on Azure Marketplace or not installed in Content Hub.


| Attribute | Value |
|---|---|
| Publisher | Authomize |
| Support Tier | Partner |
| Support Link | https://support.authomize.com |
| Categories | domains,verticals |
| Version | 3.0.0 |
| Author | Authomize - support@authomize.com |
| First Published | 2023-06-15 |
| Solution Folder | Authomize |

The Authomize Solution integrates Authomize with Microsoft Sentinel to monitor and analyze security events from Authomize.

Contents

Data Connectors

This solution provides 1 data connector(s):

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 1 table(s):

| Table | Used By Connectors | Used By Content |
|---|---|---|
| Authomize_v2_CL 🔶 | Authomize Data Connector | Analytics, Hunting, Workbooks |

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Content Items

This solution includes 28 content item(s):

| Content Type | Count |
|---|---|
| Analytic Rules | 21 |
| Hunting Queries | 6 |
| Workbooks | 1 |

Analytic Rules

| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| AWS role with admin privileges | High | InitialAccess | Authomize_v2_CL |
| AWS role with shadow admin privileges | High | InitialAccess | Authomize_v2_CL |
| Access to AWS without MFA | Medium | InitialAccess | Authomize_v2_CL |
| Admin SaaS account detected | Low | InitialAccess, PrivilegeEscalation | Authomize_v2_CL |
| Admin password not updated in 30 days | Medium | InitialAccess | Authomize_v2_CL |
| Detect AWS IAM Users | High | PrivilegeEscalation | Authomize_v2_CL |
| Empty group with entitlements | Informational | PrivilegeEscalation, Persistence | Authomize_v2_CL |
| IaaS admin detected | Medium | InitialAccess | Authomize_v2_CL |
| IaaS policy not attached to any identity | Informational | PrivilegeEscalation, Persistence | Authomize_v2_CL |
| IaaS shadow admin detected | High | InitialAccess | Authomize_v2_CL |
| Lateral Movement Risk - Role Chain Length | Informational | PrivilegeEscalation, Persistence | Authomize_v2_CL |
| New direct access policy was granted against organizational policy | Low | InitialAccess, PrivilegeEscalation | Authomize_v2_CL |
| New service account gained access to IaaS resource | Informational | InitialAccess | Authomize_v2_CL |
| Password Exfiltration over SCIM application | High | CredentialAccess, InitialAccess | Authomize_v2_CL |
| Privileged Machines Exposed to the Internet | High | Discovery, Impact | Authomize_v2_CL |
| Refactor AWS policy based on activities in the last 60 days | High | PrivilegeEscalation | Authomize_v2_CL |
| Stale AWS policy attachment to identity | Low | InitialAccess | Authomize_v2_CL |
| Stale IAAS policy attachment to role | Informational | PrivilegeEscalation, Persistence | Authomize_v2_CL |
| Unused IaaS Policy | High | InitialAccess, PrivilegeEscalation | Authomize_v2_CL |
| User assigned to a default admin role | High | InitialAccess | Authomize_v2_CL |
| User without MFA | Medium | InitialAccess | Authomize_v2_CL |

Hunting Queries

| Name | Tactics | Tables Used |
|---|---|---|
| Admin SaaS account detected | PrivilegeEscalation | Authomize_v2_CL |
| IaaS admin detected | PrivilegeEscalation | Authomize_v2_CL |
| IaaS shadow admin detected | PrivilegeEscalation | Authomize_v2_CL |
| Password Exfiltration over SCIM application | CredentialAccess | Authomize_v2_CL |
| Privileged Machines Exposed to the Internet | Discovery | Authomize_v2_CL |
| Lateral Movement Risk - Role Chain Length | PrivilegeEscalation | Authomize_v2_CL |

Workbooks

| Name | Tables Used |
|---|---|
| Authomize | Authomize_v2_CL |

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 12-12-2023 | Added Entity Mapping to Analytic rules |
