Ubiquiti_CL



| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |


Solutions (2)

This table is used by the following solutions:

Connectors (2)

This table is ingested by the following connectors:

Connector Selection Criteria
Custom logs via AMA
[Deprecated] Ubiquiti UniFi

Content Items Using This Table (21)

Analytic Rules (10)

In solution Ubiquiti UniFi:

Analytic Rule Selection Criteria
Ubiquiti - Connection to known malicious IP or C2
Ubiquiti - Large ICMP to external server
Ubiquiti - Possible connection to cryptominning pool
Ubiquiti - RDP from external source
Ubiquiti - SSH from external source
Ubiquiti - Unknown MAC Joined AP
Ubiquiti - Unusual DNS connection
Ubiquiti - Unusual FTP connection to external server
Ubiquiti - Unusual traffic
Ubiquiti - connection to non-corporate DNS server

Hunting Queries (10)

In solution Ubiquiti UniFi:

Hunting Query Selection Criteria
Ubiquiti - DNS requests timed out
Ubiquiti - Hidden internal DNS server
Ubiquiti - Rare internal ports
Ubiquiti - Top blocked destinations
Ubiquiti - Top blocked external services
Ubiquiti - Top blocked internal services
Ubiquiti - Top blocked sources
Ubiquiti - Top firewall rules
Ubiquiti - Unusual number of subdomains for top level domain (TLD)
Ubiquiti - Vulnerable devices

Workbooks (1)

In solution Ubiquiti UniFi:

Workbook Selection Criteria
Ubiquiti

Parsers Using This Table (1)

Other Parsers (1)

| Parser | Solution | Selection Criteria |
|---|---|---|
| UbiquitiAuditEvent | Ubiquiti UniFi | |
