Theom Insights

Back


Id	d200da84-0191-44ce-ad9e-b85e64c84c89
Rulename	Theom Insights
Description	“Creates Microsoft Sentinel incidents for Theom insight alerts.”
Severity	Low
Tactics	Collection CommandAndControl CredentialAccess DefenseEvasion Discovery Exfiltration Impact Reconnaissance
Techniques	T1592 T1589 T1070 T1552 T1619 T1119 T1560 T1530 T1213 T1001 T1041 T1537 T1485 T1486 T1565
Required data connectors	Theom
Kind	Scheduled
Query frequency	5m
Query period	5m
Trigger threshold	0
Trigger operator	gt
Source Uri	https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Theom/Analytic Rules/TheomRisksInsights.yaml
Version	1.0.2
Arm template	d200da84-0191-44ce-ad9e-b85e64c84c89.json

KQL

TheomAlerts_CL
 | where priority_s == "P5"

YAML

tactics:
- Collection
- CommandAndControl
- CredentialAccess
- DefenseEvasion
- Discovery
- Exfiltration
- Impact
- Reconnaissance
query: |
  TheomAlerts_CL
   | where priority_s == "P5"  
requiredDataConnectors:
- dataTypes:
  - TheomAlerts_CL
  connectorId: Theom
name: Theom Insights
alertDetailsOverride:
  alertDisplayNameFormat: 'Theom Alert ID: {{id_s}} '
  alertDescriptionFormat: |2

    Summary: {{summary_s}}  
    Additional info: {{details_s}}
    Resource ID: {{customProps_AssetName_s}}
kind: Scheduled
queryPeriod: 5m
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Theom/Analytic Rules/TheomRisksInsights.yaml
eventGroupingSettings:
  aggregationKind: AlertPerResult
triggerThreshold: 0
description: |
    "Creates Microsoft Sentinel incidents for Theom insight alerts."
version: 1.0.2
status: Available
queryFrequency: 5m
severity: Low
entityMappings:
- entityType: CloudApplication
  fieldMappings:
  - identifier: Name
    columnName: customProps_AssetName_s
- entityType: URL
  fieldMappings:
  - identifier: Url
    columnName: deepLink_s
triggerOperator: gt
id: d200da84-0191-44ce-ad9e-b85e64c84c89
relevantTechniques:
- T1592
- T1589
- T1070
- T1552
- T1619
- T1119
- T1560
- T1530
- T1213
- T1001
- T1041
- T1537
- T1485
- T1486
- T1565

ARM