ResourceDevelopment
| Rule Name | id | Required data connectors |
|---|---|---|
| Unauthorized EC2 Instance Setup Attempt | f7210a45-12a4-4d02-b59e-f23476827a4b | AWS |
| Cisco SDWAN - Maleware Events | cb14defd-3415-4420-a2e4-2dd0f3e07a86 | CiscoSDWAN |
| Brand Abuse | 6e9e1975-6d85-4387-bd30-3881c66e302e | CBSPollingIDAzureFunctions |
| Brand Impersonation - HIGH | bf93bd26-cad8-40a3-bde0-71acb874d595 | CBSPollingIDAzureFunctions |
| Brand Impersonation - INFO | 40045fff-d01f-4165-af5f-aca94fd402af | CBSPollingIDAzureFunctions |
| Exposed Email Address | b25aae75-d333-4b77-a7c1-b24644dc1e1f | CBSPollingIDAzureFunctions |
| Exposed User List | 2caf81cf-a419-4d56-91da-67368f2e73d2 | HVPollingIDAzureFunctions |
| Leaked Credential | a0a46e91-3f94-4ed4-ab70-ecd36ae0ead0 | CBSPollingIDAzureFunctions |
| Suspicious Mobile App High | 6e9afac9-6828-486f-b1d8-cf76e86e1224 | CBSPollingIDAzureFunctions |
| Suspicious Mobile App INFO | 18155351-23b6-4684-bca6-23c11e4ff5c1 | CBSPollingIDAzureFunctions |
| Flare SSL Certificate result | 9cb7c337-f179-4af6-b0e8-b6b7552d762d | Flare |
| Power Apps - Bulk sharing of Power Apps to newly created guest users | 943acfa0-9285-4eb0-a9c0-42e36177ef19 | PowerPlatformAdmin AzureActiveDirectory |
| New onmicrosoft domain added to tenant | 4f42b94f-b210-42d1-a023-7fa1c51d969f | AzureActiveDirectory |
| BTP - Malware detected in BAS dev space | 31997e9a-7447-47f3-8208-4f5d7efe497c | SAPBTPAuditEvents |
| Semperis DSP Operations Critical Notifications | 8f471e21-3bb2-466f-9bc2-0a0326a60788 | SemperisDSP |
| ZeroFox Alerts - High Severity Alerts | deb45e6d-892f-40bf-9118-e2a6f26b788d | ZeroFox_Alert_Polling |
| ZeroFox Alerts - Informational Severity Alerts | 6f7a7413-b72f-4361-84ee-897baeb9c6d4 | ZeroFox_Alert_Polling |
| ZeroFox Alerts - Low Severity Alerts | e0c7a91a-7aa1-498a-9c20-cd6c721f9345 | ZeroFox_Alert_Polling |
| ZeroFox Alerts - Medium Severity Alerts | a6496de5-911b-4199-b7db-d34ac9d70df3 | ZeroFox_Alert_Polling |