valimail-sentinel-enforce
Solution: ValimailEnforce
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
| Attribute | Value |
|---|---|
| Publisher | Valimail |
| Support Tier | Partner |
| Support Link | https://support.valimail.com |
| Categories | Security - Threat Protection |
| Version | 3.0.0 |
| Author | Valimail - support@valimail.com |
| First Published | 2026-03-31 |
| Last Updated | 2026-05-04 |
| Solution Folder | ValimailEnforce |
| Marketplace | Azure Marketplace · Popularity: 🔵 Medium (77%) |
The Valimail API solution provides ability to bring the Valimail Configuration events to your Microsoft Sentinel Workspace to inform and to examine potential security risks, analyze your team's use of collaboration, diagnose configuration problems and more.
Underlying Microsoft Technologies used:
This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
a. Azure Monitor Logs: DCR-based Custom Logs
b. Codeless Connector Framework (CCF)
Contents
Data Connectors
This solution provides 1 data connector(s):
Tables Used
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
ValimailEnforceEvents_CL |
Valimail Enforce Configuration Events | Analytics, Hunting |
Content Items
This solution includes 8 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 4 |
| Hunting Queries | 4 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Valimail Enforce - DMARC Policy Weakened to None | High | DefenseEvasion, InitialAccess | ValimailEnforceEvents_CL |
| Valimail Enforce - Email Authentication Key Deleted | Medium | DefenseEvasion | ValimailEnforceEvents_CL |
| Valimail Enforce - High-Value User Management Event | High | Impact, PrivilegeEscalation | ValimailEnforceEvents_CL |
| Valimail Enforce - Unusual Rate of Configuration Changes or User Additions | Medium | Impact, DefenseEvasion, PrivilegeEscalation | ValimailEnforceEvents_CL |
Hunting Queries
| Name | Tactics | Tables Used |
|---|---|---|
| Valimail Enforce - Bulk Domain Changes by Single User | Impact, DefenseEvasion | ValimailEnforceEvents_CL |
| Valimail Enforce - Configuration Change Rate Trend | Impact, DefenseEvasion, PrivilegeEscalation | ValimailEnforceEvents_CL |
| Valimail Enforce - DMARC Policy Change History | DefenseEvasion | ValimailEnforceEvents_CL |
| Valimail Enforce - High Value Event Summary | DefenseEvasion, Impact | ValimailEnforceEvents_CL |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.1 | 28-05-2026 | Fixed Data Connector publisher display name typo (Valimmail → Valimail) in the Sentinel UI. |
| 3.0.0 | 22-04-2026 | Initial Solution Release |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊