Microsoft Sentinel Analytic Rules

Reconnaissance

Overview

| Rule name | ID | Required data connectors |
|---|---|---|
| API - API Scraping | d944d564-b6fa-470d-b5ab-41b341878c5e | 42CrunchAPIProtection |
| API - Invalid host access | 28500be7-cfcf-40e1-bad4-bc524e9283e2 | 42CrunchAPIProtection |
| API - Kiterunner detection | 421b38ec-4295-4aed-8299-c92e268ad663 | 42CrunchAPIProtection |
| Rare client observed with high reverse DNS lookup count - Anomaly based (ASIM DNS Solution) | 0fe6bde4-b215-480c-99b4-84a96edcdbd7 | ASimDnsActivityLogs, GCPDNSDataConnector, AzureFirewall, CiscoUmbrellaDataConnector, Corelight, InfobloxNIOS, NXLogDnsLogs, DNS, AIVectraStream, WindowsForwardedEvents, Zscaler, ISCBind |
| Rare client observed with high reverse DNS lookup count - Static threshold based (ASIM DNS Solution) | 77b7c820-5f60-4779-8bdb-f06e21add5f1 | ASimDnsActivityLogs, GCPDNSDataConnector, AzureFirewall, CiscoUmbrellaDataConnector, Corelight, InfobloxNIOS, NXLogDnsLogs, DNS, AIVectraStream, WindowsForwardedEvents, Zscaler, ISCBind |
| OCI - Multiple rejects on rare ports | 482c24b9-a700-4b2a-85d3-1c42110ba78c | OracleCloudInfrastructureLogsConnector |
| OCI - SSH scanner | e087d4fb-af0b-4e08-a067-b9ba9e5f8840 | OracleCloudInfrastructureLogsConnector |
| PaloAlto - Possible port scan | 3575a9c0-51c9-11ec-bf63-0242ac130002 | PaloAltoCDL |
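The two ASIM DNS rules list a dozen connectors because they do not read a vendor table directly: they query through the ASIM DNS unifying parser, `_Im_Dns`, so any source that has an ASIM DNS parser can feed them. As an added illustration of that pattern, and not the repository's own query (whose logic is not reproduced on this page), the following KQL flags a client that suddenly issues many reverse (PTR) lookups, the kind of address sweep the static-threshold rule name describes. The lookback and baseline windows, the count threshold and the `known_clients` baseline set are assumed tuning choices; the fallback match on `.in-addr.arpa` / `.ip6.arpa` names covers sources that do not populate the query type name.

```kql
// Added example: static-threshold detection of a client performing many
// reverse (PTR) lookups, written against the ASIM DNS unifying parser.
// Not the repository's rule query. Assumes _Im_Dns is deployed in the workspace.
let lookback = 1h;            // assumed: detection window
let baseline_window = 14d;    // assumed: how far back a client must be unseen to count as "rare"
let threshold = 100;          // assumed: PTR lookups per client per window
let is_ptr = (qtype:string, qname:string) {
    qtype == "PTR" or qname endswith ".in-addr.arpa" or qname endswith ".ip6.arpa"
};
// Clients that already did reverse lookups during the baseline period are not "rare".
let known_clients =
    _Im_Dns(starttime=ago(baseline_window), endtime=ago(lookback))
    | where is_ptr(DnsQueryTypeName, DnsQuery)
    | summarize by SrcIpAddr;
_Im_Dns(starttime=ago(lookback), endtime=now())
| where is_ptr(DnsQueryTypeName, DnsQuery)
| summarize
    PtrCount = count(),
    DistinctTargets = dcount(DnsQuery),
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated),
    SampleQueries = make_set(DnsQuery, 10)
  by SrcIpAddr
| where PtrCount > threshold
// leftanti keeps only clients with no PTR activity in the baseline window.
| join kind=leftanti known_clients on SrcIpAddr
| project SrcIpAddr, PtrCount, DistinctTargets, FirstSeen, LastSeen, SampleQueries
```

`DistinctTargets` is carried so the threshold can be tuned against sweeps (many targets, few repeats) rather than a single host retried in a loop; a legitimate mail or log-collection server often repeats a handful of PTR lookups and should not trip a count-only threshold. In a deployed rule, `SrcIpAddr` would be mapped to the IP entity in the rule definition rather than in the query.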