Reconnaissance
Rule Name | id | Required data connectors |
---|---|---|
API - Anomaly Detection | 2c59e609-e0a0-4e8e-adc5-ab4224be8a36 | 42CrunchAPIProtection |
API - API Scraping | d944d564-b6fa-470d-b5ab-41b341878c5e | 42CrunchAPIProtection |
API - Invalid host access | 28500be7-cfcf-40e1-bad4-bc524e9283e2 | 42CrunchAPIProtection |
API - Kiterunner detection | 421b38ec-4295-4aed-8299-c92e268ad663 | 42CrunchAPIProtection |
Suspicious AWS CLI Command Execution | 8c2dc344-9352-4ca1-8863-b1b7a5e09e59 | AWS |
App Gateway WAF - Scanner Detection | 9b8dd8fd-f192-42eb-84f6-541920400a7a | WAF |
BitSight - diligence risk category detected | 161ed3ac-b242-4b13-8c6b-58716e5e9972 | BitSight |
BitSight - drop in company ratings | d8844f11-3a36-4b97-9062-1e6d57c00e37 | BitSight |
BitSight - drop in the headline rating | b11fdc35-6368-4cc0-8128-52cd2e2cdda0 | BitSight |
Compromised Cards | 3db2904c-a93e-4ea5-a1bb-11b3ea5ec0bb | CBSPollingIDAzureFunctions |
Domain Infringement | 0faddbac-0004-40fa-9046-a1ead13e005a | CBSPollingIDAzureFunctions |
Header: Web Server Exposed | d6793fa2-c1db-4323-9bdb-a1e8d1990f5c | HVPollingIDAzureFunctions |
Phishing | c3771865-b647-46a7-9be5-a96c418cebc0 | CBSPollingIDAzureFunctions |
SPF Not Configured | f78c03ec-4397-42f6-9c51-a54421817fd8 | HVPollingIDAzureFunctions |
SPF Policy Set to Soft Fail | 32f4eb88-0d23-4185-8579-f1645412e9de | HVPollingIDAzureFunctions |
Subdomain Infringement | 20ffc702-b7b2-4041-8f08-10ede8906cbf | CBSPollingIDAzureFunctions |
Rare client observed with high reverse DNS lookup count - Anomaly based (ASIM DNS Solution) | 0fe6bde4-b215-480c-99b4-84a96edcdbd7 | |
Rare client observed with high reverse DNS lookup count - Static threshold based (ASIM DNS Solution) | 77b7c820-5f60-4779-8bdb-f06e21add5f1 | |
Flare Cloud bucket result | 9cb7c337-f172-4af6-b0e8-b6b7552d762d | Flare |
Flare Darkweb result | 9cb7c337-f173-4af6-b0e8-b6b7552d762d | Flare |
Flare Google Dork result found | 9cb7c337-f174-4af6-b0e8-b6b7552d762d | Flare |
Flare Host result | 9cb7c337-f175-4af6-b0e8-b6b7552d762d | Flare |
Flare Paste result | 9cb7c337-f177-4af6-b0e8-b6b7552d762d | Flare |
Flare Source Code found | 9cb7c337-f178-4af6-b0e8-b6b7552d762d | Flare |
Dataverse - Suspicious use of Web API | 8a6ecba2-ccfe-4c8c-b086-fa3e6ff7fa86 | Dataverse AzureActiveDirectory |
Network Port Sweep from External Network (ASIM Network Session schema) | cd8faa84-4464-4b4e-96dc-b22f50c27541 | AWSS3 MicrosoftThreatProtection SecurityEvents WindowsSecurityEvents WindowsForwardedEvents Zscaler MicrosoftSysmonForLinux PaloAltoNetworks AzureMonitor(VMInsights) AzureFirewall AzureNSG CiscoASA CiscoAsaAma Corelight AIVectraStream CheckPoint Fortinet CiscoMeraki |
OCI - Multiple rejects on rare ports | 482c24b9-a700-4b2a-85d3-1c42110ba78c | OracleCloudInfrastructureLogsConnector |
OCI - SSH scanner | e087d4fb-af0b-4e08-a067-b9ba9e5f8840 | OracleCloudInfrastructureLogsConnector |
PaloAlto - Possible port scan | 3575a9c0-51c9-11ec-bf63-0242ac130002 | CefAma |
Disks Alerts From Prancer | 8c484ef9-d758-4827-9920-f4f77158f03e | PrancerLogData |
Flow Logs Alerts for Prancer | 59336232-1bbc-4f66-90dd-5ac3708e4405 | PrancerLogData |
NetworkSecurityGroups Alert From Prancer | a8babf91-b844-477c-8abf-d31e3df74933 | PrancerLogData |
PAC high severity | 7caa1c03-d20b-42f2-ac95-5232f6e570da | PrancerLogData |
Registries Alerts for Prancer | 08706063-c15e-4d96-beae-9e8d92ccefbb | PrancerLogData |
Sites Alerts for Prancer | bbeb2f26-cb99-4e4b-900f-24ce9809142d | PrancerLogData |
Storage Accounts Alerts From Prancer | 4adf2b5d-6b88-4b96-8cc2-a3c7fbbee10b | PrancerLogData |
Subnets Alerts for Prancer | 10be8f37-d83c-4b7e-81c2-1271c51ac09f | PrancerLogData |
Vaults Alerts for Prancer | 0b76eef3-5dc0-41b1-9f67-fffa7783f5f6 | PrancerLogData |
VirtualNetworkPeerings Alerts From Prancer | 6bd031cf-78d0-4edd-8191-60f84b6eef7a | PrancerLogData |
Virtual Machines Alerts for Prancer | c13b025c-ea31-4e4b-8e08-955b8fa91fa0 | PrancerLogData |
Theom Critical Risks | bb9051ef-0e72-4758-a143-80c25ee452f0 | Theom |
Theom High Risks | 74b80987-0a62-448c-8779-47b02e17d3cf | Theom |
Theom Insights | d200da84-0191-44ce-ad9e-b85e64c84c89 | Theom |
Theom Low Risks | cf7fb616-ac80-40ce-ad18-aa18912811f8 | Theom |
Theom Medium Risks | 4cb34832-f73a-49f2-8d38-c2d135c5440b | Theom |
Suspicious link sharing pattern | 1218175f-c534-421c-8070-5dcaabf28067 |