Id: bb9051ef-0e72-4758-a143-80c25ee452f0
Rulename: Theom Critical Risks
Description: “Creates Microsoft Sentinel incidents for critical risk Theom alerts.”
Severity: High
Tactics: Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Exfiltration, Impact, Reconnaissance
Techniques: T1592, T1589, T1070, T1552, T1619, T1119, T1560, T1530, T1213, T1001, T1041, T1537, T1485, T1486, T1565
Required data connectors: Theom
Kind: Scheduled
Query frequency: 5m
Query period: 5m
Trigger threshold: 0
Trigger operator: gt
Source Uri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Theom/Analytic Rules/TheomRisksCritical.yaml
Version: 1.0.3
Arm template: bb9051ef-0e72-4758-a143-80c25ee452f0.

Id: 74b80987-0a62-448c-8779-47b02e17d3cf
Rulename: Theom High Risks
Description: “Creates Microsoft Sentinel incidents for high risk Theom alerts.”
Severity: High
Tactics: Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Exfiltration, Impact, Reconnaissance
Techniques: T1592, T1589, T1070, T1552, T1619, T1119, T1560, T1530, T1213, T1001, T1041, T1537, T1485, T1486, T1565
Required data connectors: Theom
Kind: Scheduled
Query frequency: 5m
Query period: 5m
Trigger threshold: 0
Trigger operator: gt
Source Uri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Theom/Analytic Rules/TheomRisksHigh.yaml
Version: 1.0.2
Arm template: 74b80987-0a62-448c-8779-47b02e17d3cf.

Id: d200da84-0191-44ce-ad9e-b85e64c84c89
Rulename: Theom Insights
Description: “Creates Microsoft Sentinel incidents for Theom insight alerts.”
Severity: Low
Tactics: Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Exfiltration, Impact, Reconnaissance
Techniques: T1592, T1589, T1070, T1552, T1619, T1119, T1560, T1530, T1213, T1001, T1041, T1537, T1485, T1486, T1565
Required data connectors: Theom
Kind: Scheduled
Query frequency: 5m
Query period: 5m
Trigger threshold: 0
Trigger operator: gt
Source Uri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Theom/Analytic Rules/TheomRisksInsights.yaml
Version: 1.0.2
Arm template: d200da84-0191-44ce-ad9e-b85e64c84c89.json

Id: cf7fb616-ac80-40ce-ad18-aa18912811f8
Rulename: Theom Low Risks
Description: “Creates Microsoft Sentinel incidents for low risk Theom alerts”
Severity: High
Tactics: Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Exfiltration, Impact, Reconnaissance
Techniques: T1592, T1589, T1070, T1552, T1619, T1119, T1560, T1530, T1213, T1001, T1041, T1537, T1485, T1486, T1565
Required data connectors: Theom
Kind: Scheduled
Query frequency: 5m
Query period: 5m
Trigger threshold: 0
Trigger operator: gt
Source Uri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Theom/Analytic Rules/TheomRisksLow.yaml
Version: 1.0.2
Arm template: cf7fb616-ac80-40ce-ad18-aa18912811f8.

Id: 4cb34832-f73a-49f2-8d38-c2d135c5440b
Rulename: Theom Medium Risks
Description: “Creates Microsoft Sentinel incidents for medium risk Theom alerts.”
Severity: High
Tactics: Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Exfiltration, Impact, Reconnaissance
Techniques: T1592, T1589, T1070, T1552, T1619, T1119, T1560, T1530, T1213, T1001, T1041, T1537, T1485, T1486, T1565
Required data connectors: Theom
Kind: Scheduled
Query frequency: 5m
Query period: 5m
Trigger threshold: 0
Trigger operator: gt
Source Uri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Theom/Analytic Rules/TheomRisksMedium.yaml
Version: 1.0.2
Arm template: 4cb34832-f73a-49f2-8d38-c2d135c5440b.
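All five entries share the same scheduling: a 5-minute frequency, a 5-minute lookback, and a trigger of "more than 0 rows". Two things a practitioner will want to confirm before deploying them: a lookback equal to the frequency leaves no margin for ingestion latency (a row that lands in the workspace after the run that should have covered it is never queried), and the severity listed for the "Low Risks" and "Medium Risks" rules is High, the same as the critical and high rules. The script below is an added example written for this page, not code from the Theom solution or the Azure-Sentinel repository. It takes the metadata transcribed from the entries above as constructed input and runs the consistency checks a reviewer would apply to any scheduled rule: lookback versus frequency, the threshold/operator combination, ATT&CK technique ID syntax, and whether the severity matches the risk level in the rule name. That last mapping (Critical folds into High because Sentinel has no Critical severity) is the example's own assumption; verify the actual values against the YAML at each Source Uri.

```python
"""
Consistency checks for Microsoft Sentinel scheduled analytic-rule metadata,
run over the five Theom rules listed above.  Added example for this page;
not code from the Theom solution or the Azure-Sentinel repository.
"""
import re

# Values shared by all five entries on the page.
THEOM_TACTICS = ["Collection", "CommandAndControl", "CredentialAccess",
                 "DefenseEvasion", "Discovery", "Exfiltration", "Impact",
                 "Reconnaissance"]
THEOM_TECHNIQUES = ["T1592", "T1589", "T1070", "T1552", "T1619", "T1119",
                    "T1560", "T1530", "T1213", "T1001", "T1041", "T1537",
                    "T1485", "T1486", "T1565"]


def theom_rule(rule_id, name, severity, version):
    """Build one rule record; the scheduling fields are identical on the page."""
    return {"id": rule_id, "name": name, "severity": severity,
            "version": version, "kind": "Scheduled",
            "queryFrequency": "5m", "queryPeriod": "5m",
            "triggerThreshold": 0, "triggerOperator": "gt",
            "tactics": THEOM_TACTICS, "techniques": THEOM_TECHNIQUES}


# Constructed input: the five entries transcribed from this page.
THEOM_RULES = [
    theom_rule("bb9051ef-0e72-4758-a143-80c25ee452f0", "Theom Critical Risks", "High", "1.0.3"),
    theom_rule("74b80987-0a62-448c-8779-47b02e17d3cf", "Theom High Risks", "High", "1.0.2"),
    theom_rule("d200da84-0191-44ce-ad9e-b85e64c84c89", "Theom Insights", "Low", "1.0.2"),
    theom_rule("cf7fb616-ac80-40ce-ad18-aa18912811f8", "Theom Low Risks", "High", "1.0.2"),
    theom_rule("4cb34832-f73a-49f2-8d38-c2d135c5440b", "Theom Medium Risks", "High", "1.0.2"),
]

DURATION_RE = re.compile(r"^(\d+)([mhd])$")          # 5m, 1h, 14d
TECHNIQUE_RE = re.compile(r"^T\d{4}(\.\d{3})?$")     # T1552 or T1552.001
SENTINEL_SEVERITIES = {"Informational", "Low", "Medium", "High"}
# Assumed mapping from the risk level in the rule name to a Sentinel severity
# (Sentinel has no "Critical" level, so Critical folds into High).
NAME_LEVEL_TO_SEVERITY = {"Critical": "High", "High": "High",
                          "Medium": "Medium", "Low": "Low"}


def to_minutes(value):
    """Convert the short duration form used in rule YAML (5m, 1h, 1d) to minutes."""
    m = DURATION_RE.match(value)
    if not m:
        raise ValueError(f"unsupported duration: {value!r}")
    n, unit = int(m.group(1)), m.group(2)
    return n * {"m": 1, "h": 60, "d": 1440}[unit]


def check_rule(rule):
    """Return a list of findings for one rule (empty list means nothing flagged)."""
    findings = []
    freq = to_minutes(rule["queryFrequency"])
    period = to_minutes(rule["queryPeriod"])
    if period < freq:
        findings.append("GAP: queryPeriod shorter than queryFrequency, "
                        "events between runs are never queried")
    elif period == freq:
        findings.append("TIGHT: queryPeriod equals queryFrequency, "
                        "no margin for ingestion latency")
    if rule["triggerOperator"] == "gt" and rule["triggerThreshold"] == 0:
        findings.append("ANY-ROW: threshold 0 with gt, every row the query returns raises an alert")
    if rule["severity"] not in SENTINEL_SEVERITIES:
        findings.append(f"SEVERITY: {rule['severity']!r} is not a Sentinel severity")
    m = re.search(r"\b(Critical|High|Medium|Low)\b", rule["name"])
    if m and rule["severity"] != NAME_LEVEL_TO_SEVERITY[m.group(1)]:
        findings.append(f"SEVERITY: name says {m.group(1)} but severity is {rule['severity']}")
    for t in rule["techniques"]:
        if not TECHNIQUE_RE.match(t):
            findings.append(f"TECHNIQUE: malformed ATT&CK id {t!r}")
    if len(set(rule["tactics"])) != len(rule["tactics"]):
        findings.append("TACTICS: duplicate entries")
    return findings


def check_all(rules=THEOM_RULES):
    """Map each rule name to its findings."""
    return {r["name"]: check_rule(r) for r in rules}


if __name__ == "__main__":
    for name, fs in check_all().items():
        print(name)
        for f in fs:
            print("  -", f)
```

Run as-is it reports TIGHT and ANY-ROW for all five rules and a SEVERITY mismatch for the Low and Medium rules; the ANY-ROW finding is informational here, since these rules are meant to mirror whatever the Theom connector delivers, but on a rule with a noisy query it is the setting that produces alert storms.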