Social Engineering Vulnerability Informational

Back


Id	8044bb0c-e3d2-4ffa-8e58-d3aa72d84d04
Rulename	Social Engineering Vulnerability (Informational)
Description	New Social Engineering Vulnerability with severity Informational found
Severity	Informational
Tactics	Execution
Techniques	T1203
Required data connectors	CBSPollingIDAzureFunctions
Kind	Scheduled
Query frequency	5m
Query period	5m
Trigger threshold	0
Trigger operator	gt
Source Uri	https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/CTM360/Analytic Rules/se_vulnerability_informational.yaml
Version	1.0.1
Arm template	8044bb0c-e3d2-4ffa-8e58-d3aa72d84d04.json

KQL

CBSLog_Azure_1_CL | where severity_s == "Informational" | where type_s == "Se Vulnerability" | where status_s != "Closed" or status_s != "Resolved"

YAML

kind: Scheduled
triggerThreshold: 0
id: 8044bb0c-e3d2-4ffa-8e58-d3aa72d84d04
tactics:
- Execution
description: New Social Engineering Vulnerability with severity Informational found
suppressionEnabled: false
requiredDataConnectors:
- dataTypes:
  - CBSLog_Azure_1_CL
  connectorId: CBSPollingIDAzureFunctions
queryPeriod: 5m
version: 1.0.1
severity: Informational
eventGroupingSettings:
  aggregationKind: SingleAlert
queryFrequency: 5m
relevantTechniques:
- T1203
status: Available
name: Social Engineering Vulnerability  (Informational)
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/CTM360/Analytic Rules/se_vulnerability_informational.yaml
triggerOperator: gt
incidentConfiguration:
  groupingConfiguration:
    matchingMethod: AllEntities
    reopenClosedIncident: false
    enabled: false
    lookbackDuration: PT5H
  createIncident: true
suppressionDuration: 5h
query: CBSLog_Azure_1_CL | where severity_s == "Informational" | where type_s == "Se Vulnerability" | where status_s != "Closed" or status_s != "Resolved"

ARM