⚠️ Unpublished: This item is from a solution that is not yet published on Azure Marketplace or not installed in Content Hub.
| Attribute | Value |
|---|---|
| Publisher | egress1589289169584 |
| Support Tier | Partner |
| Support Link | https://support.egress.com/s/ |
| Categories | domains |
| Version | 3.0.0 |
| Author | Egress - support@egress.com |
| First Published | 2023-07-27 |
| Solution Folder | Egress Defend |
Egress Defend for Microsoft Sentinel provides details of processed emails, including the type of phishing attack, payload type and information to show if the user interacted with the email in a positive (clicking on banners or submitting the phish sample) or negative (clicking on an unsafe URL) manner.
This solution provides 1 data connector(s):
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. `_s`, `_d`, `_b`, `_t`, `_g`). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution uses 2 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| EgressDefend_CL 🔶 | Egress Defend | Analytics, Hunting, Workbooks |
| KnowBe4Defend_CL 🔶 | Egress Defend | Analytics, Workbooks |
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. `_s`, `_d`, `_b`, `_t`, `_g`). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution includes 5 content item(s) (4 in solution, 1 discovered 🔍):
| Content Type | Total | In Solution | Discovered |
|---|---|---|---|
| Analytic Rules | 2 | 2 | - |
| Hunting Queries | 1 | 1 | - |
| Workbooks | 1 | 1 | - |
| Parsers | 1 | 0 | 1 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Egress Defend - Dangerous Attachment Detected | Medium | Execution, InitialAccess, Persistence, PrivilegeEscalation | EgressDefend_CL, KnowBe4Defend_CL |
| Egress Defend - Dangerous Link Click | Medium | Execution | EgressDefend_CL, KnowBe4Defend_CL |
| Name | Tactics | Tables Used |
|---|---|---|
| Dangerous emails with links clicked | Collection | EgressDefend_CL |
| Name | Tables Used |
|---|---|
| DefendMetrics | EgressDefend_CL, KnowBe4Defend_CL |
| Name | Description | Tables Used |
|---|---|---|
| DefendAuditData ⚠️ | - | EgressDefend_CL (read) |
⚠️ Items marked with ⚠️ are not listed in the Solution JSON file. They were discovered by scanning the solution folder and may be legacy items, under development, or excluded from the official solution package.
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 02-08-2023 | Initial Solution Release. |