API - JWT validation

apifirewall_log_1_CL 
| where TimeGenerated >= ago(5m) 
| where Error_Message_s has "missing [\"x-access-token\"]" 
| project-away Non_blocking_mode_b, Source_Port_d, Destination_Port_d, Query_s, API_ID_g, Response_Header_s, Request_Header_s, Errors_s, Type, UUID_g 
| sort by TimeGenerated desc 

description: |
    '42Crunch API protection against JWT validation'
kind: Scheduled
tactics:
- InitialAccess
- CredentialAccess
requiredDataConnectors:
- connectorId: 42CrunchAPIProtection
  dataTypes:
  - apifirewall_log_1_CL
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/42Crunch API Protection/Analytic Rules/APIJWTValidation.yaml
severity: Low
name: API - JWT validation
customDetails: 
triggerThreshold: 0
queryPeriod: 5m
query: |
  apifirewall_log_1_CL 
  | where TimeGenerated >= ago(5m) 
  | where Error_Message_s has "missing [\"x-access-token\"]" 
  | project-away Non_blocking_mode_b, Source_Port_d, Destination_Port_d, Query_s, API_ID_g, Response_Header_s, Request_Header_s, Errors_s, Type, UUID_g 
  | sort by TimeGenerated desc   
relevantTechniques:
- T1190
- T1528
id: bbd163f4-1f56-434f-9c23-b06713c119c2
queryFrequency: 5m
status: Available
version: 1.0.1
triggerOperator: gt
eventGroupingSettings:
  aggregationKind: SingleAlert
entityMappings:
- entityType: IP
  fieldMappings:
  - columnName: Source_IP_s
    identifier: Address
- entityType: Host
  fieldMappings:
  - columnName: Hostname_s
    identifier: HostName
- entityType: Account
  fieldMappings:
  - columnName: Instance_Name_s
    identifier: FullName