Link Search Menu Expand Document

SCC_Access_Governance

ID: 100241

Description:

Security Compliance Center Access Governance

Repository: Group: SCC Type: event

Default Status:

Enabled

Tags:    
SCC SecurityComplianceCenter Office365
     

Selector:

Query:

Filters:

Field MUST hit
@source Audit.General
@fields.Workload SecurityComplianceCenter
@fields.Category AccessGovernance
Field MUST NOT hit
   

Behavior Rule:

Key Type Behavior Category
@fields.InsightData.Details.Name username application activity

Risks:

Risks Base Score Dimension
Timeline 0 -

Attributes:

Alias Key
Category @fields.Category
Operation @fields.Operation
InsightValue @fields.AdditionalData.Value
InsightDescription @fields.Description
Username @fields.InsightData.Details.Name
RecordType @fields.RecordType
UserType @fields.UserType
Severity @fields.Severity
Customer @customer

Correlation Rules:

History:

User Date
em*n@fluencysecurity.com 2021 Jan 11 12:20:51 EST
em*n@fluencysecurity.com 2021 Jan 11 12:33:11 EST
em*n@fluencysecurity.com 2021 Feb 8 14:12:24 EST
em*n@fluencysecurity.com 2021 Feb 8 14:12:46 EST
al*r@fluencysecurity.com 2021 Feb 18 11:42:08 EST

This page was automatically created/formatted on Tue, 2021 Oct 19 00:29:17 EDT, from rule_dump.json (db47c470500ce8686ead334f5eda0596)