| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |

Source: KQL validation test schema

| Column Name | Type |
|---|---|
| AppVersion | string |
| AssignedCity | string |
| AssignedCountry | string |
| DeviationMinutes | int |
| DeviceId | string |
| EventType | string |
| IpAddress | string |
| IsWeekend | bool |
| LoginBlockingSeconds | int |
| LoginCity | string |
| LoginCountry | string |
| LoginTime | datetime |
| NewDeviceId | string |
| NewDeviceOS | string |
| PassedAttempts | int |
| RawEventId | string |
| Severity | string |
| TimeGenerated | datetime |
| UserId | string |
| WorkingHoursEnd | string |
| WorkingHoursStart | string |

This table is used by the following solutions:

This table is ingested by the following connectors:

| Connector | Selection Criteria |
|---|---|
| StealthTalk Anomalous Authentication | |

In solution StealthTalk:

| Analytic Rule | Selection Criteria |
|---|---|
| StealthTalk - After hours work | |
| StealthTalk - Login outside work zone | |
| StealthTalk - Multi new devices registration | |
| StealthTalk - Password brute force | |

In solution StealthTalk:

| Hunting Query | Selection Criteria |
|---|---|
| StealthTalk - Account takeover sequence | |
| StealthTalk - Brute force followed by suspicious access | |
| StealthTalk - Impossible travel | |

In solution StealthTalk:

| Workbook | Selection Criteria |
|---|---|
| StealthTalkAnomalousAuthMonitor | |