Reconnaissance
| Rule Name | id | Required data connectors |
|---|---|---|
| API - API Scraping | d944d564-b6fa-470d-b5ab-41b341878c5e | 42CrunchAPIProtection |
| API - Invalid host access | 28500be7-cfcf-40e1-bad4-bc524e9283e2 | 42CrunchAPIProtection |
| API - Kiterunner detection | 421b38ec-4295-4aed-8299-c92e268ad663 | 42CrunchAPIProtection |
| Suspicious AWS CLI Command Execution | 8c2dc344-9352-4ca1-8863-b1b7a5e09e59 | AWS |
| App Gateway WAF - Scanner Detection | 9b8dd8fd-f192-42eb-84f6-541920400a7a | WAF |
| Phishing | c3771865-b647-46a7-9be5-a96c418cebc0 | CBSPollingIDAzureFunctions |
| Rare client observed with high reverse DNS lookup count - Anomaly based (ASIM DNS Solution) | 0fe6bde4-b215-480c-99b4-84a96edcdbd7 | |
| Rare client observed with high reverse DNS lookup count - Static threshold based (ASIM DNS Solution) | 77b7c820-5f60-4779-8bdb-f06e21add5f1 | |
| Flare Cloud bucket result | 9cb7c337-f172-4af6-b0e8-b6b7552d762d | Flare |
| Flare Darkweb result | 9cb7c337-f173-4af6-b0e8-b6b7552d762d | Flare |
| Flare Google Dork result found | 9cb7c337-f174-4af6-b0e8-b6b7552d762d | Flare |
| Flare Host result | 9cb7c337-f175-4af6-b0e8-b6b7552d762d | Flare |
| Flare Paste result | 9cb7c337-f177-4af6-b0e8-b6b7552d762d | Flare |
| Flare Source Code found | 9cb7c337-f178-4af6-b0e8-b6b7552d762d | Flare |
| OCI - Multiple rejects on rare ports | 482c24b9-a700-4b2a-85d3-1c42110ba78c | OracleCloudInfrastructureLogsConnector |
| OCI - SSH scanner | e087d4fb-af0b-4e08-a067-b9ba9e5f8840 | OracleCloudInfrastructureLogsConnector |
| PaloAlto - Possible port scan | 3575a9c0-51c9-11ec-bf63-0242ac130002 | PaloAltoCDL PaloAltoCDLAma |
| Disks Alerts From Prancer | 8c484ef9-d758-4827-9920-f4f77158f03e | PrancerLogData |
| Flow Logs Alerts for Prancer | 59336232-1bbc-4f66-90dd-5ac3708e4405 | PrancerLogData |
| NetworkSecurityGroups Alert From Prancer | a8babf91-b844-477c-8abf-d31e3df74933 | PrancerLogData |
| PAC high severity | 7caa1c03-d20b-42f2-ac95-5232f6e570da | PrancerLogData |
| Registries Alerts for Prancer | 08706063-c15e-4d96-beae-9e8d92ccefbb | PrancerLogData |
| Sites Alerts for Prancer | bbeb2f26-cb99-4e4b-900f-24ce9809142d | PrancerLogData |
| Storage Accounts Alerts From Prancer | 4adf2b5d-6b88-4b96-8cc2-a3c7fbbee10b | PrancerLogData |
| Subnets Alerts for Prancer | 10be8f37-d83c-4b7e-81c2-1271c51ac09f | PrancerLogData |
| Vaults Alerts for Prancer | 0b76eef3-5dc0-41b1-9f67-fffa7783f5f6 | PrancerLogData |
| VirtualNetworkPeerings Alerts From Prancer | 6bd031cf-78d0-4edd-8191-60f84b6eef7a | PrancerLogData |
| Virtual Machines Alerts for Prancer | c13b025c-ea31-4e4b-8e08-955b8fa91fa0 | PrancerLogData |