Microsoft Sentinel Analytic Rules
cloudbrothers.info - Azure Sentinel Repo

ResourceDevelopment

Overview

| Rule Name | id | Required data connectors |
| --- | --- | --- |
| Unauthorized EC2 Instance Setup Attempt | f7210a45-12a4-4d02-b59e-f23476827a4b | AWS |
| Cisco SDWAN - Maleware Events | cb14defd-3415-4420-a2e4-2dd0f3e07a86 | CiscoSDWAN |
| Brand Abuse | 6e9e1975-6d85-4387-bd30-3881c66e302e | CBSPollingIDAzureFunctions |
| Doorway Page (High) | 4ae3be36-0c07-4e51-9765-1ab446e937f2 | CBSPollingIDAzureFunctions |
| Doorway Page (Informational) | 7de074aa-de27-4129-8638-e10a5a15f9cc | CBSPollingIDAzureFunctions |
| Doorway Page (Low) | b011ec39-4dc1-44a2-96ef-e1c6ef4e17b4 | CBSPollingIDAzureFunctions |
| Doorway Page (Medium) | 2c8d6d6e-5d56-4d2f-9e1d-a79319f85b3f | CBSPollingIDAzureFunctions |
| Exposed Misconfiguration (High) | 71ce7988-130e-42d6-82ea-a687c13011b2 | CBSPollingIDAzureFunctions |
| Exposed Misconfiguration (Informational) | 833b5430-9454-41f8-96ac-bf77e67df53b | CBSPollingIDAzureFunctions |
| Exposed Misconfiguration (Low) | ba25d152-3741-4564-b9dd-1f0afe7829ff | CBSPollingIDAzureFunctions |
| Exposed Misconfiguration (Medium) | 6e343c15-d718-435c-a64d-37f4a408c7c2 | CBSPollingIDAzureFunctions |
| Exposed Email Address | b25aae75-d333-4b77-a7c1-b24644dc1e1f | CBSPollingIDAzureFunctions |
| Exposed User List | 2caf81cf-a419-4d56-91da-67368f2e73d2 | HVPollingIDAzureFunctions |
| Suspicious Mobile App High | 6e9afac9-6828-486f-b1d8-cf76e86e1224 | CBSPollingIDAzureFunctions |
| Suspicious Mobile App INFO | 18155351-23b6-4684-bca6-23c11e4ff5c1 | CBSPollingIDAzureFunctions |
| CYFIRMA - Attack Surface - Weak Certificate Exposure - High Rule | 3b5a1c0e-7f3a-4d47-8416-6c0b8b91e9ce | CyfirmaAttackSurfaceAlertsConnector |
| CYFIRMA - Attack Surface - Weak Certificate Exposure - Medium Rule | 5a617ff2-3e3d-44e7-b761-9f0d542ae191 | CyfirmaAttackSurfaceAlertsConnector |
| CYFIRMA - Brand Intelligence - Domain Impersonation High Rule | 10bdf525-5b89-4a25-933a-e63e73b915f1 | CyfirmaBrandIntelligenceAlertsDC |
| CYFIRMA - Brand Intelligence - Domain Impersonation Medium Rule | 8f97ddbe-ab66-4f6c-b675-73b5eeb07259 | CyfirmaBrandIntelligenceAlertsDC |
| CYFIRMA - Brand Intelligence - Executive/People Impersonation High Rule | 159d26a1-591c-4f70-b1ca-2843c881aaec | CyfirmaBrandIntelligenceAlertsDC |
| CYFIRMA - Brand Intelligence - Executive/People Impersonation Medium Rule | 59aa22f2-5b4f-4679-b289-003228255413 | CyfirmaBrandIntelligenceAlertsDC |
| CYFIRMA - Brand Intelligence - Malicious Mobile App High Rule | 3176ac89-b195-48b7-a01e-740a6b26fb2f | CyfirmaBrandIntelligenceAlertsDC |
| CYFIRMA - Brand Intelligence - Malicious Mobile App Medium Rule | b73e6628-d44c-4ad3-a801-ea225c5744ee | CyfirmaBrandIntelligenceAlertsDC |
| CYFIRMA - Brand Intelligence - Product/Solution High Rule | 3a9a81bc-2f41-4d68-9cd1-7788326c92b1 | CyfirmaBrandIntelligenceAlertsDC |
| CYFIRMA - Brand Intelligence - Product/Solution Medium Rule | 458d964f-d039-4ce0-9741-0b6245ba3374 | CyfirmaBrandIntelligenceAlertsDC |
| CYFIRMA - Brand Intelligence - Social Media Handle Impersonation Detected High Rule | 22f49d67-7da7-4809-8d07-89e4478aa6b0 | CyfirmaBrandIntelligenceAlertsDC |
| CYFIRMA - Brand Intelligence - Social Media Handle Impersonation Detected Medium Rule | 710f4755-490d-4fa7-aef0-43b5a66edc7b | CyfirmaBrandIntelligenceAlertsDC |
| CYFIRMA - Social and Public Exposure - Social Media Threats Activity Detected Rule | 4fe04459-13f1-4ff7-9b7c-f9be0c2aad6d | CyfirmaDigitalRiskAlertsConnector |
| CYFIRMA - Social and Public Exposure - Social Media Threats Activity Detected Rule | b8149f2f-54da-4f7b-98e1-c01ca47e1e55 | CyfirmaDigitalRiskAlertsConnector |
| CYFIRMA - Social and Public Exposure - Source Code Exposure on Public Repositories Rule | 42e6f16a-7773-44cc-8668-8f648bd1aa4f | CyfirmaDigitalRiskAlertsConnector |
| CYFIRMA - Social and Public Exposure - Source Code Exposure on Public Repositories Rule | 28e315a3-725d-4261-a6c2-e597d51541f4 | CyfirmaDigitalRiskAlertsConnector |
| Flare SSL Certificate result | 9cb7c337-f179-4af6-b0e8-b6b7552d762d | Flare |
| Power Apps - Bulk sharing of Power Apps to newly created guest users | 943acfa0-9285-4eb0-a9c0-42e36177ef19 | PowerPlatformAdmin, AzureActiveDirectory |
| New onmicrosoft domain added to tenant | 4f42b94f-b210-42d1-a023-7fa1c51d969f | AzureActiveDirectory |
| BTP - Malware detected in BAS dev space | 31997e9a-7447-47f3-8208-4f5d7efe497c | SAPBTPAuditEvents |
| Semperis DSP Operations Critical Notifications | 8f471e21-3bb2-466f-9bc2-0a0326a60788 | SemperisDSP |
| ZeroFox Alerts - High Severity Alerts | deb45e6d-892f-40bf-9118-e2a6f26b788d | ZeroFox_Alert_Polling |
| ZeroFox Alerts - Informational Severity Alerts | 6f7a7413-b72f-4361-84ee-897baeb9c6d4 | ZeroFox_Alert_Polling |
| ZeroFox Alerts - Low Severity Alerts | e0c7a91a-7aa1-498a-9c20-cd6c721f9345 | ZeroFox_Alert_Polling |
| ZeroFox Alerts - Medium Severity Alerts | a6496de5-911b-4199-b7db-d34ac9d70df3 | ZeroFox_Alert_Polling |