CYFIRMA Cyber Intelligence

Solution: Cyfirma Cyber Intelligence



| Attribute | Value |
|---|---|
| Publisher | CYFIRMA |
| Support Tier | Partner |
| Support Link | https://www.cyfirma.com/contact-us/ |
| Categories | domains |
| Version | 3.0.0 |
| Author | Microsoft |
| First Published | 2025-05-15 |
| Solution Folder | Cyfirma Cyber Intelligence |
| Marketplace | Azure Marketplace · Popularity: 🟡 Low (17%) |

The CYFIRMA Cyber Intelligence solution integrates with Microsoft Sentinel to provide actionable intelligence on IOCs, threat actors, malicious campaigns, and malware. This integration enables security teams to detect, analyze, and respond to emerging threats by correlating external threat data with internal telemetry. By ingesting enriched threat intelligence into Sentinel, organizations gain visibility into malicious activity, track threat actor tactics, and automate defense mechanisms to mitigate risks proactively.

Contents

Data Connectors

This solution provides 1 data connector(s):

Tables Used

This solution uses 4 table(s):

| Table | Used By Connectors | Used By Content |
|---|---|---|
| CyfirmaCampaigns_CL | CYFIRMA Cyber Intelligence | - |
| CyfirmaIndicators_CL | CYFIRMA Cyber Intelligence | Analytics |
| CyfirmaMalware_CL | CYFIRMA Cyber Intelligence | - |
| CyfirmaThreatActors_CL | CYFIRMA Cyber Intelligence | - |

Content Items

This solution includes 36 content item(s):

| Content Type | Count |
|---|---|
| Analytic Rules | 36 |

Analytic Rules

| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| CYFIRMA - High severity Command & Control Network Indicators with Block Recommendation Rule | High | CommandAndControl, InitialAccess, Exfiltration | CyfirmaIndicators_CL |
| CYFIRMA - High severity Command & Control Network Indicators with Monitor Recommendation Rule | High | CommandAndControl, InitialAccess, Exfiltration | CyfirmaIndicators_CL |
| CYFIRMA - High severity File Hash Indicators with Block Action Rule | High | Execution, InitialAccess, DefenseEvasion, Impact | CyfirmaIndicators_CL |
| CYFIRMA - High severity File Hash Indicators with Block Action and Malware | High | InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, Impact | CyfirmaIndicators_CL |
| CYFIRMA - High severity File Hash Indicators with Monitor Action Rule | High | Execution, InitialAccess, DefenseEvasion, Impact | CyfirmaIndicators_CL |
| CYFIRMA - High severity File Hash Indicators with Monitor Action and Malware | High | DefenseEvasion, InitialAccess, Impact, Execution | CyfirmaIndicators_CL |
| CYFIRMA - High severity Malicious Network Indicators Associated with Malware - Block Recommended Rule | High | InitialAccess, Execution, CommandAndControl | CyfirmaIndicators_CL |
| CYFIRMA - High severity Malicious Network Indicators Associated with Malware - Monitor Recommended Rule | High | InitialAccess, Execution, CommandAndControl | CyfirmaIndicators_CL |
| CYFIRMA - High severity Malicious Network Indicators with Block Action Rule | High | InitialAccess, Execution, Reconnaissance, Impact | CyfirmaIndicators_CL |
| CYFIRMA - High severity Malicious Network Indicators with Monitor Action Rule | High | InitialAccess, Execution, Reconnaissance, Impact | CyfirmaIndicators_CL |
| CYFIRMA - High severity Malicious Phishing Network Indicators - Block Recommended Rule | High | InitialAccess, Execution, CredentialAccess, Exfiltration | CyfirmaIndicators_CL |
| CYFIRMA - High severity Malicious Phishing Network Indicators - Monitor Recommended Rule | High | InitialAccess, Execution, CredentialAccess, Exfiltration | CyfirmaIndicators_CL |
| CYFIRMA - High severity TOR Node Network Indicators - Block Recommended Rule | High | CommandAndControl, Exfiltration, InitialAccess, Persistence, Reconnaissance | CyfirmaIndicators_CL |
| CYFIRMA - High severity TOR Node Network Indicators - Monitor Recommended Rule | High | CommandAndControl, Exfiltration, InitialAccess, Persistence, Reconnaissance | CyfirmaIndicators_CL |
| CYFIRMA - High severity Trojan File Hash Indicators with Block Action Rule | High | InitialAccess, Execution, Persistence, DefenseEvasion, CommandAndControl, CredentialAccess | CyfirmaIndicators_CL |
| CYFIRMA - High severity Trojan File Hash Indicators with Monitor Action Rule | High | InitialAccess, Execution, Persistence, DefenseEvasion, CommandAndControl, CredentialAccess | CyfirmaIndicators_CL |
| CYFIRMA - High severity Trojan Network Indicators - Block Recommended Rule | High | Impact, Persistence, DefenseEvasion, CredentialAccess, CommandAndControl, Execution, InitialAccess | CyfirmaIndicators_CL |
| CYFIRMA - High severity Trojan Network Indicators - Monitor Recommended Rule | High | Impact, Persistence, DefenseEvasion, CredentialAccess, CommandAndControl, Execution, InitialAccess | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity Command & Control Network Indicators with Block Recommendation Rule | Medium | CommandAndControl, InitialAccess, Exfiltration | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity Command & Control Network Indicators with Monitor Recommendation Rule | Medium | CommandAndControl, InitialAccess, Exfiltration | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity File Hash Indicators with Block Action Rule | Medium | Execution, InitialAccess, DefenseEvasion, Impact | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity File Hash Indicators with Block Action and Malware | Medium | InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, Impact | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity File Hash Indicators with Monitor Action Rule | Medium | Execution, InitialAccess, DefenseEvasion, Impact | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity File Hash Indicators with Monitor Action and Malware | Medium | DefenseEvasion, InitialAccess, Impact, Execution | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity Malicious Network Indicators Associated with Malware - Block Recommended Rule | Medium | InitialAccess, Execution, CommandAndControl | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity Malicious Network Indicators Associated with Malware - Monitor Recommended Rule | Medium | InitialAccess, Execution, CommandAndControl | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity Malicious Network Indicators with Block Action Rule | Medium | InitialAccess, Execution, Reconnaissance, Impact | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity Malicious Network Indicators with Monitor Action Rule | Medium | InitialAccess, Execution, Reconnaissance, Impact | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity Malicious Phishing Network Indicators - Block Recommended Rule | Medium | InitialAccess, Execution, CredentialAccess, Exfiltration | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity Malicious Phishing Network Indicators - Monitor Recommended Rule | Medium | InitialAccess, Execution, CredentialAccess, Exfiltration | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity TOR Node Network Indicators - Block Recommended Rule | Medium | CommandAndControl, Exfiltration, InitialAccess, Persistence, Reconnaissance | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity TOR Node Network Indicators - Monitor Recommended Rule | Medium | CommandAndControl, Exfiltration, InitialAccess, Persistence, Reconnaissance | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity Trojan File Hash Indicators with Block Action Rule | Medium | InitialAccess, Execution, Persistence, DefenseEvasion, CommandAndControl, CredentialAccess | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity Trojan File Hash Indicators with Monitor Action Rule | Medium | InitialAccess, Execution, Persistence, DefenseEvasion, CommandAndControl, CredentialAccess | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity Trojan Network Indicators - Block Recommended Rule | Medium | Impact, Persistence, DefenseEvasion, CredentialAccess, CommandAndControl, Execution, InitialAccess | CyfirmaIndicators_CL |
| CYFIRMA - Medium severity Trojan Network Indicators - Monitor Recommended Rule | Medium | Impact, Persistence, DefenseEvasion, CredentialAccess, CommandAndControl, Execution, InitialAccess | CyfirmaIndicators_CL |

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.2 | 04-09-2025 | Bug fixes to CCF Data Connector. |
| 3.0.1 | 24-07-2025 | Minor changes and new analytics rules added to CCF Data Connector. |
| 3.0.0 | 17-06-2025 | Initial Solution Release. |
