Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage
  1. Microsoft Sentinel Analytics Rules
  2. /
  3. Analytic Rules
  4. /
  5. Threats detected by Eset

Threats detected by Eset

Back
Id2d8a60aa-c15e-442e-9ce3-ee924889d2a6
RulenameThreats detected by Eset
DescriptionEscalates threats detected by Eset.
SeverityLow
TacticsExecution
CredentialAccess
PrivilegeEscalation
TechniquesT1204
T1212
T1548
Required data connectorsEsetSMC
KindScheduled
Query frequency5m
Query period5m
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Eset Security Management Center/Analytic Rules/eset-threats.yaml
Version1.0.1
Arm template2d8a60aa-c15e-442e-9ce3-ee924889d2a6.json
Deploy To Azure
eset_CL
| where event_type_s == "Threat_Event"
| extend HostCustomEntity = hostname_s, AccountCustomEntity = username_s, IPCustomEntity = ipv4_s

name: Threats detected by Eset
id: 2d8a60aa-c15e-442e-9ce3-ee924889d2a6
description: |
    'Escalates threats detected by Eset.'
triggerThreshold: 0
entityMappings:
- fieldMappings:
  - columnName: AccountCustomEntity
    identifier: FullName
  entityType: Account
- fieldMappings:
  - columnName: HostCustomEntity
    identifier: FullName
  entityType: Host
- fieldMappings:
  - columnName: IPCustomEntity
    identifier: Address
  entityType: IP
version: 1.0.1
triggerOperator: gt
query: |
  eset_CL
  | where event_type_s == "Threat_Event"
  | extend HostCustomEntity = hostname_s, AccountCustomEntity = username_s, IPCustomEntity = ipv4_s  
tactics:
- Execution
- CredentialAccess
- PrivilegeEscalation
kind: Scheduled
queryFrequency: 5m
severity: Low
queryPeriod: 5m
requiredDataConnectors:
- dataTypes:
  - eset_CL
  connectorId: EsetSMC
status: Available
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Eset Security Management Center/Analytic Rules/eset-threats.yaml
relevantTechniques:
- T1204
- T1212
- T1548