Microsoft Sentinel Analytic Rules

Theom Critical Risks

Id: bb9051ef-0e72-4758-a143-80c25ee452f0
Rulename: Theom Critical Risks
Description: "Creates Microsoft Sentinel incidents for critical risk Theom alerts."
Severity: High
Tactics: Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Exfiltration, Impact, Reconnaissance
Techniques: T1592, T1589, T1070, T1552, T1619, T1119, T1560, T1530, T1213, T1001, T1041, T1537, T1485, T1486, T1565
Required data connectors: Theom
Kind: Scheduled
Query frequency: 5m
Query period: 5m
Trigger threshold: 0
Trigger operator: gt
Source Uri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Theom/Analytic Rules/TheomRisksCritical.yaml
Version: 1.0.3
Arm template: bb9051ef-0e72-4758-a143-80c25ee452f0.

Theom High Risks

Id: 74b80987-0a62-448c-8779-47b02e17d3cf
Rulename: Theom High Risks
Description: "Creates Microsoft Sentinel incidents for high risk Theom alerts."
Severity: High
Tactics: Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Exfiltration, Impact, Reconnaissance
Techniques: T1592, T1589, T1070, T1552, T1619, T1119, T1560, T1530, T1213, T1001, T1041, T1537, T1485, T1486, T1565
Required data connectors: Theom
Kind: Scheduled
Query frequency: 5m
Query period: 5m
Trigger threshold: 0
Trigger operator: gt
Source Uri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Theom/Analytic Rules/TheomRisksHigh.yaml
Version: 1.0.2
Arm template: 74b80987-0a62-448c-8779-47b02e17d3cf.

Theom Insights

Id: d200da84-0191-44ce-ad9e-b85e64c84c89
Rulename: Theom Insights
Description: "Creates Microsoft Sentinel incidents for Theom insight alerts."
Severity: Low
Tactics: Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Exfiltration, Impact, Reconnaissance
Techniques: T1592, T1589, T1070, T1552, T1619, T1119, T1560, T1530, T1213, T1001, T1041, T1537, T1485, T1486, T1565
Required data connectors: Theom
Kind: Scheduled
Query frequency: 5m
Query period: 5m
Trigger threshold: 0
Trigger operator: gt
Source Uri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Theom/Analytic Rules/TheomRisksInsights.yaml
Version: 1.0.2
Arm template: d200da84-0191-44ce-ad9e-b85e64c84c89.json

Theom Low Risks

Id: cf7fb616-ac80-40ce-ad18-aa18912811f8
Rulename: Theom Low Risks
Description: "Creates Microsoft Sentinel incidents for low risk Theom alerts"
Severity: High
Tactics: Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Exfiltration, Impact, Reconnaissance
Techniques: T1592, T1589, T1070, T1552, T1619, T1119, T1560, T1530, T1213, T1001, T1041, T1537, T1485, T1486, T1565
Required data connectors: Theom
Kind: Scheduled
Query frequency: 5m
Query period: 5m
Trigger threshold: 0
Trigger operator: gt
Source Uri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Theom/Analytic Rules/TheomRisksLow.yaml
Version: 1.0.2
Arm template: cf7fb616-ac80-40ce-ad18-aa18912811f8.

Theom Medium Risks

Id: 4cb34832-f73a-49f2-8d38-c2d135c5440b
Rulename: Theom Medium Risks
Description: "Creates Microsoft Sentinel incidents for medium risk Theom alerts."
Severity: High
Tactics: Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Exfiltration, Impact, Reconnaissance
Techniques: T1592, T1589, T1070, T1552, T1619, T1119, T1560, T1530, T1213, T1001, T1041, T1537, T1485, T1486, T1565
Required data connectors: Theom
Kind: Scheduled
Query frequency: 5m
Query period: 5m
Trigger threshold: 0
Trigger operator: gt
Source Uri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Theom/Analytic Rules/TheomRisksMedium.yaml
Version: 1.0.2
Arm template: 4cb34832-f73a-49f2-8d38-c2d135c5440b.