Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage
  1. Microsoft Sentinel Analytics Rules
  2. /
  3. Analytic Rules
  4. /
  5. Flare Google Dork result found

Flare Google Dork result found

Back
Id9cb7c337-f174-4af6-b0e8-b6b7552d762d
RulenameFlare Google Dork result found
DescriptionResults using a dork on google was found
SeverityMedium
TacticsReconnaissance
TechniquesT1593
Required data connectorsFlare
KindScheduled
Query frequency1h
Query period1h
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Flare/Analytic Rules/FlareDork.yaml
Version1.0.1
Arm template9cb7c337-f174-4af6-b0e8-b6b7552d762d.json
Deploy To Azure
Firework_CL
| where source_s contains "google_search" and (risk_score_d == "3" or risk_score_d == "4" or risk_score_d == "5")

relevantTechniques:
- T1593
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Flare/Analytic Rules/FlareDork.yaml
query: |
  Firework_CL
  | where source_s contains "google_search" and (risk_score_d == "3" or risk_score_d == "4" or risk_score_d == "5")  
description: |
    'Results using a dork on google was found'
requiredDataConnectors:
- connectorId: Flare
  dataTypes:
  - Firework_CL
triggerOperator: gt
name: Flare Google Dork result found
queryPeriod: 1h
triggerThreshold: 0
id: 9cb7c337-f174-4af6-b0e8-b6b7552d762d
status: Available
kind: Scheduled
severity: Medium
queryFrequency: 1h
tactics:
- Reconnaissance
version: 1.0.1