Mimecast_UnauthorizedAPIAccess
ID: 100166
Description:
Mimecast - Unauthorized API Request
Repository: Group: Mimecast Type: event
Default Status:
Enabled
| Tags: |
|---|
| Mimecast |
Selector:
Query:
@source:mimecast
Filters:
| Field | MUST hit |
|---|---|
| @fields.auditType | Unauthorized API Request |
| Field | MUST NOT hit |
|---|---|
Behavior Rule:
| Key | Type | Behavior Category |
|---|---|---|
| @fields.user | username | account login |
Risks:
| Risks | Base Score | Dimension |
|---|---|---|
| Timeline | 0 | - |
Attributes:
| Alias | Key |
|---|---|
| City | @fields._ip.city |
| Country | @fields._ip.country |
| UserName | @fields.user |
| Application | @fields.application |
| IP | @fields.ip |
| API | @fields.api |
| EventInfo | @fields.eventInfo |
Correlation Rules:
First Occurrence:
| Name | Window | Fields |
|---|---|---|
| NewUser | 10 days | Username |
| Risks: | ML_NEW_CLIENT | |
| NewCountry | 10 days | Country |
| Risks: | ML_NEW_GEO_COUNTRY | |
| NewCity | 10 days | City |
| Risks: | ML_NEW_GEO_CITY | |
| NewAPI | 10 days | @fields.api |
| Risks: | ML_NEW_ALERT |
History:
| User | Date |
|---|---|
| ke*y@fluencysecurity.com | 2020 Dec 22 09:56:47 EST |
This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)