FireworkV2_CL
| where notempty(data.new_leaks) and tolower(source) != 'stealer_logs_samples'
triggerOperator: gt
queryFrequency: 1h
requiredDataConnectors:
- connectorId: Flare
dataTypes:
- FireworkV2_CL
relevantTechniques:
- T1110
query: |
FireworkV2_CL
| where notempty(data.new_leaks) and tolower(source) != 'stealer_logs_samples'
triggerThreshold: 0
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Flare/Analytic Rules/FlareCredentialLeaks.yaml
queryPeriod: 1h
name: Flare Leaked Credentials
status: Available
kind: Scheduled
description: |
'Searches for Flare Leaked Credentials'
id: 9cb7c337-f170-4af6-b0e8-b6b7552d762d
version: 2.0.0
tactics:
- CredentialAccess
severity: Medium