Microsoft Sentinel Analytic Rules

Flare marketplace results

Id: 9265ae4d-6bb0-4c18-961d-f7aae67d1546
Rule name: Flare marketplace results
Description: This query searches for underground markets and shops where illicit goods and services are bought and sold.
Severity: Medium
Tactics: Reconnaissance
Techniques: T1593
Required data connectors: Flare
Kind: Scheduled
Query frequency: 1h
Query period: 1h
Trigger threshold: 0
Trigger operator: gt
Source Uri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Flare/Analytic Rules/FlareMarket.yaml
Version: 1.0.0
Arm template: 9265ae4d-6bb0-4c18-961d-f7aae67d1546.json
Query:
FireworkV2_CL
// Flare records that carry a uid and a RiskScore of 3 or higher (the comparison is inclusive)
| where notempty(uid) and RiskScore >= 3
// uid is "/"-delimited; its first segment names the Flare index the record came from
| extend index_name = split(uid, "/")[0]
// keep only records from the "listing" index, i.e. marketplace listings; all other indices are dropped
| where index_name == "listing"
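The rule's filter replayed offline, as an added example that is not part of the Flare solution or of the rule itself: a plain-Python mirror of the three KQL conditions run over constructed FireworkV2_CL rows, plus the scheduled-rule trigger check. Only the column names uid and RiskScore come from the query; the rest of the schema, the sample rows and the helper names (`flare_marketplace_results`, `rule_fires`) are assumptions. Because the YAML sets triggerOperator gt and triggerThreshold 0, the rule alerts whenever at least one row survives the filter in the 1h query period, which the example makes explicit.

```python
# Added example (not the Sentinel rule's own code): replay the "Flare marketplace
# results" KQL filter in Python over constructed records so match/no-match
# behaviour can be checked without a workspace. Column names uid and RiskScore are
# taken from the query; every other schema detail and every row below is assumed.
from typing import Any, Dict, List, Optional

# Constructed rows standing in for one hour of FireworkV2_CL (not real Flare data).
SAMPLE_ROWS: List[Dict[str, Any]] = [
    {"uid": "listing/a1b2/0001", "RiskScore": 4},     # matches
    {"uid": "listing/a1b2/0002", "RiskScore": 3},     # matches: >= 3 is inclusive
    {"uid": "listing/a1b2/0003", "RiskScore": 2},     # dropped: RiskScore below 3
    {"uid": "other/c3d4/0004", "RiskScore": 5},       # dropped: first uid segment is not "listing"
    {"uid": "", "RiskScore": 5},                      # dropped: notempty(uid) is false
    {"uid": None, "RiskScore": 5},                    # dropped: null uid
    {"uid": "listing/a1b2/0005", "RiskScore": None},  # dropped: null RiskScore never compares true
    {"RiskScore": 5},                                 # dropped: uid column absent
]


def notempty(value: Any) -> bool:
    """KQL notempty(): false for null and for the empty string."""
    return value is not None and value != ""


def index_name(uid: str) -> str:
    """KQL split(uid, "/")[0]: the first "/"-separated segment of uid."""
    return uid.split("/")[0]


def flare_marketplace_results(rows: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Mirror of the rule's query:
    where notempty(uid) and RiskScore >= 3 | extend index_name | where index_name == "listing"."""
    matches: List[Dict[str, Any]] = []
    for row in rows:
        uid = row.get("uid")
        score: Optional[float] = row.get("RiskScore")
        if not notempty(uid):
            continue
        # In KQL a comparison against null is not true, so a null score never matches.
        if score is None or score < 3:
            continue
        name = index_name(uid)
        if name != "listing":
            continue
        matches.append({**row, "index_name": name})
    return matches


def rule_fires(rows: List[Dict[str, Any]], trigger_operator: str = "gt", trigger_threshold: int = 0) -> bool:
    """Scheduled-rule trigger as the YAML defines it: alert when <result count> <operator> <threshold>.
    With the rule's gt / 0 the alert fires whenever at least one row matches in the query period."""
    count = len(flare_marketplace_results(rows))
    comparisons = {
        "gt": count > trigger_threshold,
        "lt": count < trigger_threshold,
        "eq": count == trigger_threshold,
        "ne": count != trigger_threshold,
    }
    return comparisons[trigger_operator]


if __name__ == "__main__":
    for hit in flare_marketplace_results(SAMPLE_ROWS):
        print(hit["uid"], hit["RiskScore"], hit["index_name"])
    print("alert:", rule_fires(SAMPLE_ROWS))
```

Running the block prints the two surviving listings and `alert: True`; swapping in rows whose scores are all below 3, or whose uids start with another index name, yields no results and no alert, which is the quickest way to see that the rule's only tuning knobs are the RiskScore floor and the index filter.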
status: Available
queryFrequency: 1h
queryPeriod: 1h
triggerOperator: gt
query: |
  FireworkV2_CL
  | where notempty(uid) and RiskScore >= 3
  | extend index_name = split(uid, "/")[0]
  | where index_name == "listing"  
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Flare/Analytic Rules/FlareMarket.yaml
tactics:
- Reconnaissance
triggerThreshold: 0
requiredDataConnectors:
- connectorId: Flare
  dataTypes:
  - FireworkV2_CL
kind: Scheduled
relevantTechniques:
- T1593
description: |
    'This query searches for underground markets and shops where illicit goods and services are bought and sold.'
name: Flare marketplace results
version: 1.0.0
id: 9265ae4d-6bb0-4c18-961d-f7aae67d1546
severity: Medium