Microsoft Sentinel Analytic Rules

Flare google dork results

Id: 9cb7c337-f174-4af6-b0e8-b6b7552d762d
Rulename: Flare google dork results
Description: This query searches for Google dork search results that indicate publicly accessible information about your organization.
Severity: Medium
Tactics: Reconnaissance
Techniques: T1593
Required data connectors: Flare
Kind: Scheduled
Query frequency: 1h
Query period: 1h
Trigger threshold: 0
Trigger operator: gt
Source Uri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Flare/Analytic Rules/FlareDork.yaml
Version: 3.0.0
Arm template: 9cb7c337-f174-4af6-b0e8-b6b7552d762d.json
FireworkV2_CL
| where notempty(uid) and RiskScore >= 3
| extend index_name = split(uid, "/")[0]
| extend category_name = split(uid, "/")[1]
| where (index_name == "driller_google") or (index_name == "driller" and category_name contains "google")
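The rule's KQL filter re-implemented in Python as an added example (not code from the Flare solution or the Azure-Sentinel repository), run over constructed FireworkV2_CL-style rows so the matching logic can be checked offline. The column names uid and RiskScore come from the query; every sample value is made up.

```python
# Added example: Python mirror of the FlareDork KQL filter, for offline checks.
# Assumed: rows are dicts keyed by the query's column names `uid` and `RiskScore`.

def is_google_dork_hit(record: dict) -> bool:
    """True when the row would pass the rule: notempty(uid), RiskScore >= 3, and
    the first '/'-segment of uid is 'driller_google', or 'driller' with a second
    segment containing 'google' (KQL `contains` is case-insensitive)."""
    uid = record.get("uid")
    risk = record.get("RiskScore")
    # notempty(uid) rejects null and ""; a null RiskScore compares false in KQL
    if not uid or risk is None or risk < 3:
        return False
    parts = uid.split("/")
    index_name = parts[0]
    # split(uid, "/")[1] is null when uid has no second segment
    category_name = parts[1] if len(parts) > 1 else None
    if index_name == "driller_google":
        return True
    return (
        index_name == "driller"
        and category_name is not None
        and "google" in category_name.lower()
    )


def google_dork_hits(records):
    """Return the rows the rule would alert on, in input order."""
    return [r for r in records if is_google_dork_hit(r)]


# Constructed sample rows, not real Flare data.
SAMPLE_EVENTS = [
    {"uid": "driller_google/1234", "RiskScore": 4},        # match
    {"uid": "driller/Google-dorks/5678", "RiskScore": 3},  # match, case-insensitive
    {"uid": "driller/shodan/9999", "RiskScore": 5},        # wrong category
    {"uid": "driller_google/0001", "RiskScore": 2},        # below threshold
    {"uid": "", "RiskScore": 5},                           # notempty(uid) fails
    {"uid": "driller", "RiskScore": 4},                    # no category segment
    {"uid": "driller_google/0002", "RiskScore": None},     # null score
]

if __name__ == "__main__":
    for hit in google_dork_hits(SAMPLE_EVENTS):
        print(hit["uid"])
```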
tactics:
- Reconnaissance
requiredDataConnectors:
- dataTypes:
  - FireworkV2_CL
  connectorId: Flare
id: 9cb7c337-f174-4af6-b0e8-b6b7552d762d
severity: Medium
status: Available
query: |
  FireworkV2_CL
  | where notempty(uid) and RiskScore >= 3
  | extend index_name = split(uid, "/")[0]
  | extend category_name = split(uid, "/")[1]
  | where (index_name == "driller_google") or (index_name == "driller" and category_name contains "google")
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Flare/Analytic Rules/FlareDork.yaml
kind: Scheduled
queryPeriod: 1h
version: 3.0.0
name: Flare google dork results
queryFrequency: 1h
triggerThreshold: 0
relevantTechniques:
- T1593
description: |
    'This query searches for Google dork search results that indicate publicly accessible information about your organization.'
triggerOperator: gt