Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage
  1. Microsoft Sentinel Analytics Rules
  2. /
  3. Analytic Rules
  4. /
  5. Flare Google Dork result found

Flare Google Dork result found

Back
Id9cb7c337-f174-4af6-b0e8-b6b7552d762d
RulenameFlare Google Dork result found
DescriptionResults using a dork on google was found
SeverityMedium
TacticsReconnaissance
TechniquesT1593
Required data connectorsFlare
KindScheduled
Query frequency1h
Query period1h
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Flare/Analytic Rules/FlareDork.yaml
Version2.0.0
Arm template9cb7c337-f174-4af6-b0e8-b6b7552d762d.json
Deploy To Azure
FireworkV2_CL
| where tolower(source) contains "google_search" and (RiskScore == 3 or RiskScore == 4 or RiskScore == 5)

description: |
    'Results using a dork on google was found'
version: 2.0.0
tactics:
- Reconnaissance
queryFrequency: 1h
query: |
  FireworkV2_CL
  | where tolower(source) contains "google_search" and (RiskScore == 3 or RiskScore == 4 or RiskScore == 5)  
status: Available
triggerOperator: gt
kind: Scheduled
triggerThreshold: 0
relevantTechniques:
- T1593
id: 9cb7c337-f174-4af6-b0e8-b6b7552d762d
queryPeriod: 1h
severity: Medium
name: Flare Google Dork result found
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Flare/Analytic Rules/FlareDork.yaml
requiredDataConnectors:
- dataTypes:
  - FireworkV2_CL
  connectorId: Flare