Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage

Reconnaissance

Overview

Rule NameidRequired data connectors
API - API Scrapingd944d564-b6fa-470d-b5ab-41b341878c5e42CrunchAPIProtection
API - Invalid host access28500be7-cfcf-40e1-bad4-bc524e9283e242CrunchAPIProtection
API - Kiterunner detection421b38ec-4295-4aed-8299-c92e268ad66342CrunchAPIProtection
Suspicious AWS CLI Command Execution8c2dc344-9352-4ca1-8863-b1b7a5e09e59AWS
App Gateway WAF - Scanner Detection9b8dd8fd-f192-42eb-84f6-541920400a7aWAF
Rare client observed with high reverse DNS lookup count - Anomaly based (ASIM DNS Solution)0fe6bde4-b215-480c-99b4-84a96edcdbd7
Rare client observed with high reverse DNS lookup count - Static threshold based (ASIM DNS Solution)77b7c820-5f60-4779-8bdb-f06e21add5f1
Flare Cloud bucket result9cb7c337-f172-4af6-b0e8-b6b7552d762dFlare
Flare Darkweb result9cb7c337-f173-4af6-b0e8-b6b7552d762dFlare
Flare Google Dork result found9cb7c337-f174-4af6-b0e8-b6b7552d762dFlare
Flare Host result9cb7c337-f175-4af6-b0e8-b6b7552d762dFlare
Flare Paste result9cb7c337-f177-4af6-b0e8-b6b7552d762dFlare
Flare Source Code found9cb7c337-f178-4af6-b0e8-b6b7552d762dFlare
OCI - Multiple rejects on rare ports482c24b9-a700-4b2a-85d3-1c42110ba78cOracleCloudInfrastructureLogsConnector
OCI - SSH scannere087d4fb-af0b-4e08-a067-b9ba9e5f8840OracleCloudInfrastructureLogsConnector
PaloAlto - Possible port scan3575a9c0-51c9-11ec-bf63-0242ac130002PaloAltoCDL