Link Search Menu Expand Document

Mimecast_UnauthorizedAPIAccess

ID: 100166

Description:

Mimecast - Unauthorized API Request

Repository: Group: Mimecast Type: event

Default Status:

Enabled

Tags:
Mimecast
 

Selector:

Query:

@source:mimecast

Filters:

Field MUST hit
@fields.auditType Unauthorized API Request
Field MUST NOT hit
   

Behavior Rule:

Key Type Behavior Category
@fields.user username account login

Risks:

Risks Base Score Dimension
Timeline 0 -

Attributes:

Alias Key
City @fields._ip.city
Country @fields._ip.country
UserName @fields.user
Application @fields.application
IP @fields.ip
API @fields.api
EventInfo @fields.eventInfo

Correlation Rules:

First Occurrence:

Name Window Fields
NewUser 10 days Username
  Risks: ML_NEW_CLIENT
NewCountry 10 days Country
  Risks: ML_NEW_GEO_COUNTRY
NewCity 10 days City
  Risks: ML_NEW_GEO_CITY
NewAPI 10 days @fields.api
  Risks: ML_NEW_ALERT

History:

User Date
ke*y@fluencysecurity.com 2020 Dec 22 09:56:47 EST

This page was automatically created/formatted on Tue, 2021 Oct 19 00:29:17 EDT, from rule_dump.json (db47c470500ce8686ead334f5eda0596)