Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage
  1. Microsoft Sentinel Analytics Rules
  2. /
  3. Analytic Rules
  4. /
  5. Header HTTP Strict Transport Security Missing

Header HTTP Strict Transport Security Missing

Back
Ida3efb9ff-14a4-42ef-b019-0b9cbe5d3888
RulenameHeader: HTTP Strict Transport Security Missing
DescriptionHeader: HTTP Strict Transport Security Missing
SeverityMedium
TacticsCredentialAccess
Collection
TechniquesT1557
Required data connectorsHVPollingIDAzureFunctions
KindScheduled
Query frequency5m
Query period5m
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/CTM360/Analytic Rules/HeaderHTTPStrictTransportSecurityMissing.yaml
Version1.0.3
Arm templatea3efb9ff-14a4-42ef-b019-0b9cbe5d3888.json
Deploy To Azure
HackerViewLog_Azure_1_CL | where severity_s == "medium" | where progress_status_s == "New" | where status_s != "inactive"  | where issue_name_s == "Header: HTTP Strict Transport Security Missing"

eventGroupingSettings:
  aggregationKind: SingleAlert
triggerThreshold: 0
entityMappings:
- entityType: IP
  fieldMappings:
  - identifier: Address
    columnName: meta_resolved_ip_s
- entityType: Host
  fieldMappings:
  - identifier: HostName
    columnName: meta_host_s
- entityType: URL
  fieldMappings:
  - identifier: Url
    columnName: hackerview_link_s
requiredDataConnectors:
- dataTypes:
  - HackerViewLog_Azure_1_CL
  connectorId: HVPollingIDAzureFunctions
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/CTM360/Analytic Rules/HeaderHTTPStrictTransportSecurityMissing.yaml
incidentConfiguration:
  createIncident: true
  groupingConfiguration:
    enabled: false
    reopenClosedIncident: false
    matchingMethod: AllEntities
    lookbackDuration: PT5H
version: 1.0.3
name: 'Header: HTTP Strict Transport Security Missing'
relevantTechniques:
- T1557
status: Available
suppressionEnabled: false
queryPeriod: 5m
kind: Scheduled
id: a3efb9ff-14a4-42ef-b019-0b9cbe5d3888
query: 'HackerViewLog_Azure_1_CL | where severity_s == "medium" | where progress_status_s == "New" | where status_s != "inactive"  | where issue_name_s == "Header: HTTP Strict Transport Security Missing"'
description: |
    'Header: HTTP Strict Transport Security Missing'
queryFrequency: 5m
severity: Medium
triggerOperator: gt
tactics:
- CredentialAccess
- Collection
suppressionDuration: 5h