Radiflow OT/ICS Threat and Anomaly Detection Connector for Microsoft Sentinel
Solution: Radiflow
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | Radiflow |
| Support Tier | Partner |
| Support Link | https://www.radiflow.com |
| Categories | domains |
| Version | 3.0.0 |
| Author | Radiflow - support@radiflow.com |
| First Published | 2024-06-26 |
| Solution Folder | Radiflow |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%) |
The Radiflow solution for Microsoft Sentinel enables ingestion of iSID events into Microsoft Sentinel.
- Radiflow iSID via AMA - This data connector helps in ingesting Radiflow logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent here. Microsoft recommends using this Data Connector.
Contents
Data Connectors
This solution provides 1 data connector(s):
Tables Used
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
CommonSecurityLog |
Radiflow iSID via AMA | Analytics |
Content Items
This solution includes 9 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 8 |
| Parsers | 1 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Radiflow - Exploit Detected | High | InitialAccess, PrivilegeEscalation, LateralMovement | CommonSecurityLog |
| Radiflow - Network Scanning Detected | High | Discovery | CommonSecurityLog |
| Radiflow - New Activity Detected | Medium | InitialAccess | CommonSecurityLog |
| Radiflow - Platform Alert | Medium | PrivilegeEscalation, Execution, CommandAndControl, Exfiltration, LateralMovement, ImpairProcessControl, InhibitResponseFunction, InitialAccess | CommonSecurityLog |
| Radiflow - Policy Violation Detected | Medium | LateralMovement, ImpairProcessControl, Execution, Collection, Persistence | CommonSecurityLog |
| Radiflow - Suspicious Malicious Activity Detected | High | DefenseEvasion, InhibitResponseFunction | CommonSecurityLog |
| Radiflow - Unauthorized Command in Operational Device | Medium | Execution, LateralMovement, InhibitResponseFunction, ImpairProcessControl | CommonSecurityLog |
| Radiflow - Unauthorized Internet Access | Medium | InitialAccess, Impact | CommonSecurityLog |
Parsers
| Name | Description | Tables Used |
|---|---|---|
| RadiflowEvent | - | CommonSecurityLog (read) |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 18-05-2024 | Initial Solution Release |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊