Bitglass Solution



Attribute        Value
Publisher        Microsoft Corporation
Support Tier     Microsoft
Support Link     https://support.microsoft.com
Categories       domains
Version          3.0.0
Author           Microsoft - support@microsoft.com
First Published  2021-10-23
Solution Folder  Bitglass
Marketplace      Azure Marketplace · Popularity: 🟡 Low (14%)

The Bitglass solution retrieves security event logs and other events from the Bitglass services into Microsoft Sentinel through the Bitglass REST API. The connector pulls these events so that you can examine potential security risks, analyze your team's use of collaboration tools, diagnose configuration problems, and more.

Underlying Microsoft Technologies used:

This solution depends on the following technologies; some of these dependencies may be in Preview or may incur additional ingestion or operational costs:

a. Azure Monitor HTTP Data Collector API

b. Azure Functions

Contents

Data Connectors

This solution provides 1 data connector:

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 1 table:

Table            Used By Connectors  Used By Content
BitglassLogs_CL  🔶 Bitglass         Analytics, Hunting, Workbooks

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Content Items

This solution includes 22 content items:

Content Type     Count
Analytic Rules   10
Hunting Queries  10
Workbooks        1
Parsers          1

Analytic Rules

Name                                                     Severity  Tactics              Tables Used
Bitglass - Impossible travel distance                    Medium    InitialAccess        BitglassLogs_CL
Bitglass - Login from new device                         Medium    InitialAccess        BitglassLogs_CL
Bitglass - Multiple failed logins                        High      CredentialAccess     BitglassLogs_CL
Bitglass - Multiple files shared with external entity    Medium    Exfiltration         BitglassLogs_CL
Bitglass - New admin user                                Medium    PrivilegeEscalation  BitglassLogs_CL
Bitglass - New risky user                                High      InitialAccess        BitglassLogs_CL
Bitglass - Suspicious file uploads                       High      Exfiltration         BitglassLogs_CL
Bitglass - The SmartEdge endpoint agent was uninstalled  Medium    DefenseEvasion       BitglassLogs_CL
Bitglass - User Agent string has changed for user        Medium    InitialAccess        BitglassLogs_CL
Bitglass - User login from new geo location              Medium    InitialAccess        BitglassLogs_CL

Hunting Queries

Name                                  Tactics        Tables Used
Bitglass - Applications used          Exfiltration   BitglassLogs_CL
Bitglass - Insecure web protocol      Exfiltration   BitglassLogs_CL
Bitglass - Login failures             InitialAccess  BitglassLogs_CL
Bitglass - New applications           Exfiltration   BitglassLogs_CL
Bitglass - New users                  InitialAccess  BitglassLogs_CL
Bitglass - Privileged login failures  InitialAccess  BitglassLogs_CL
Bitglass - Risky users                InitialAccess  BitglassLogs_CL
Bitglass - Risky users                InitialAccess  BitglassLogs_CL
Bitglass - Uncategorized resources    InitialAccess  BitglassLogs_CL
Bitglass - User devices               InitialAccess  BitglassLogs_CL

Workbooks

Name      Tables Used
Bitglass  BitglassLogs_CL

Parsers

Name      Description  Tables Used
Bitglass  -            BitglassLogs_CL (read)

Release Notes

Version  Date Modified (DD-MM-YYYY)  Change History
3.0.0    21-10-2024                  Updated the Python runtime version to 3.11 and updated functional URL
