Reconnaissance

Overview

Rule Name	id	Required data connectors
API - Anomaly Detection	2c59e609-e0a0-4e8e-adc5-ab4224be8a36	42CrunchAPIProtection
API - API Scraping	d944d564-b6fa-470d-b5ab-41b341878c5e	42CrunchAPIProtection
API - Invalid host access	28500be7-cfcf-40e1-bad4-bc524e9283e2	42CrunchAPIProtection
API - Kiterunner detection	421b38ec-4295-4aed-8299-c92e268ad663	42CrunchAPIProtection
Suspicious AWS CLI Command Execution	8c2dc344-9352-4ca1-8863-b1b7a5e09e59	AWS
App Gateway WAF - Scanner Detection	9b8dd8fd-f192-42eb-84f6-541920400a7a	WAF
BitSight - diligence risk category detected	161ed3ac-b242-4b13-8c6b-58716e5e9972	BitSight
BitSight - drop in company ratings	d8844f11-3a36-4b97-9062-1e6d57c00e37	BitSight
BitSight - drop in the headline rating	b11fdc35-6368-4cc0-8128-52cd2e2cdda0	BitSight
Compromised Cards	3db2904c-a93e-4ea5-a1bb-11b3ea5ec0bb	CBSPollingIDAzureFunctions
Domain Infringement	0faddbac-0004-40fa-9046-a1ead13e005a	CBSPollingIDAzureFunctions
Header: Web Server Exposed	d6793fa2-c1db-4323-9bdb-a1e8d1990f5c	HVPollingIDAzureFunctions
Phishing	c3771865-b647-46a7-9be5-a96c418cebc0	CBSPollingIDAzureFunctions
SPF Not Configured	f78c03ec-4397-42f6-9c51-a54421817fd8	HVPollingIDAzureFunctions
SPF Policy Set to Soft Fail	32f4eb88-0d23-4185-8579-f1645412e9de	HVPollingIDAzureFunctions
Subdomain Infringement	20ffc702-b7b2-4041-8f08-10ede8906cbf	CBSPollingIDAzureFunctions
Rare client observed with high reverse DNS lookup count - Anomaly based (ASIM DNS Solution)	0fe6bde4-b215-480c-99b4-84a96edcdbd7
Rare client observed with high reverse DNS lookup count - Static threshold based (ASIM DNS Solution)	77b7c820-5f60-4779-8bdb-f06e21add5f1
Flare Cloud bucket result	9cb7c337-f172-4af6-b0e8-b6b7552d762d	Flare
Flare Darkweb result	9cb7c337-f173-4af6-b0e8-b6b7552d762d	Flare
Flare Google Dork result found	9cb7c337-f174-4af6-b0e8-b6b7552d762d	Flare
Flare Host result	9cb7c337-f175-4af6-b0e8-b6b7552d762d	Flare
Flare Paste result	9cb7c337-f177-4af6-b0e8-b6b7552d762d	Flare
Flare Source Code found	9cb7c337-f178-4af6-b0e8-b6b7552d762d	Flare
Network Port Sweep from External Network (ASIM Network Session schema)	cd8faa84-4464-4b4e-96dc-b22f50c27541	AWSS3 MicrosoftThreatProtection SecurityEvents WindowsSecurityEvents WindowsForwardedEvents Zscaler MicrosoftSysmonForLinux PaloAltoNetworks AzureMonitor(VMInsights) AzureFirewall AzureNSG CiscoASA CiscoAsaAma Corelight AIVectraStream CheckPoint Fortinet CiscoMeraki
OCI - Multiple rejects on rare ports	482c24b9-a700-4b2a-85d3-1c42110ba78c	OracleCloudInfrastructureLogsConnector
OCI - SSH scanner	e087d4fb-af0b-4e08-a067-b9ba9e5f8840	OracleCloudInfrastructureLogsConnector
PaloAlto - Possible port scan	3575a9c0-51c9-11ec-bf63-0242ac130002	PaloAltoCDL PaloAltoCDLAma CefAma
Disks Alerts From Prancer	8c484ef9-d758-4827-9920-f4f77158f03e	PrancerLogData
Flow Logs Alerts for Prancer	59336232-1bbc-4f66-90dd-5ac3708e4405	PrancerLogData
NetworkSecurityGroups Alert From Prancer	a8babf91-b844-477c-8abf-d31e3df74933	PrancerLogData
PAC high severity	7caa1c03-d20b-42f2-ac95-5232f6e570da	PrancerLogData
Registries Alerts for Prancer	08706063-c15e-4d96-beae-9e8d92ccefbb	PrancerLogData
Sites Alerts for Prancer	bbeb2f26-cb99-4e4b-900f-24ce9809142d	PrancerLogData
Storage Accounts Alerts From Prancer	4adf2b5d-6b88-4b96-8cc2-a3c7fbbee10b	PrancerLogData
Subnets Alerts for Prancer	10be8f37-d83c-4b7e-81c2-1271c51ac09f	PrancerLogData
Vaults Alerts for Prancer	0b76eef3-5dc0-41b1-9f67-fffa7783f5f6	PrancerLogData
VirtualNetworkPeerings Alerts From Prancer	6bd031cf-78d0-4edd-8191-60f84b6eef7a	PrancerLogData
Virtual Machines Alerts for Prancer	c13b025c-ea31-4e4b-8e08-955b8fa91fa0	PrancerLogData
Theom Critical Risks	bb9051ef-0e72-4758-a143-80c25ee452f0	Theom
Theom High Risks	74b80987-0a62-448c-8779-47b02e17d3cf	Theom
Theom Insights	d200da84-0191-44ce-ad9e-b85e64c84c89	Theom
Theom Low Risks	cf7fb616-ac80-40ce-ad18-aa18912811f8	Theom
Theom Medium Risks	4cb34832-f73a-49f2-8d38-c2d135c5440b	Theom
Suspicious link sharing pattern	1218175f-c534-421c-8070-5dcaabf28067