GSuites_Mobile_Device_Compromised
ID: 100163
Description:
A user’s mobile device was compromised
Repository: Group: GSuites Type: event
Default Status:
Enabled
| Tags: |
|---|
| GSuites |
Selector:
Query:
Filters:
| Field | MUST hit |
|---|---|
| @gsuites.id.applicationName | mobile |
| @source | gsuites |
| @gsuites.events.type | suspicious_activity |
| @gsuites.events.name | DEVICE_COMPROMISED_STATE |
| Field | MUST NOT hit |
|---|---|
Behavior Rule:
| Key | Type | Behavior Category |
|---|---|---|
| @gsuites.actor.email | username | application activity |
Risks:
| Risks | Base Score | Dimension |
|---|---|---|
| Timeline | 0 | - |
Attributes:
| Alias | Key |
|---|---|
| EventType | @gsuites.events.type |
| EventName | @gsuites.events.name |
| Username | @gsuites.actor.email |
| Customer | @customer |
Correlation Rules:
First Occurrence:
| Name | Window | Fields |
|---|---|---|
| NewUser | 10 days | @gsuites.actor.email |
| Risks: | ML_NEW_USER |
History:
| User | Date |
|---|---|
| em*n@fluencysecurity.com | 2020 Dec 21 13:55:55 EST |
| em*n@fluencysecurity.com | 2021 Feb 24 14:15:53 EST |
This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)