SCC_Threat_Intelligence_Mail_Data
ID: 100246
Description: Security Compliance Center
Repository: Group: Office365 Type: event
Default Status: Enabled
| Tags: | | |
|---|---|---|
| SCC | SecurityComplianceCenter | O365 |
Selector:
Query:
Filters:
| Field | MUST hit |
|---|---|
| @source | Audit.General |
| @fields.Workload | ThreatIntelligence |
| @fields.RecordType | 28 |
| Field | MUST NOT hit |
|---|---|
Behavior Rule:
| Key | Type | Behavior Category |
|---|---|---|
| @fields.P1Sender | username | application activity |
Risks:
| Risks | Base Score | Dimension |
|---|---|---|
| Timeline | 0 | - |
Attributes:
| Alias | Key |
|---|---|
| Operation | @fields.Operation |
| RecordType | @fields.RecordType |
| UserType | @fields.UserType |
| ThreatDetectionMethod | @fields.DetectionMethod |
| ThreatP1Sender | @fields.P1Sender |
| ThreatP2Sender | @fields.P2Sender |
| ThreatPolicyIndicator | @fields.Policy |
| ThreatPolicyAction | @fields.PolicyAction |
| ThreatSubjectLine | @fields.Subject |
| ThreatVerdict | @fields.Verdict |
| IP | @fields.SenderIP |
| Customer | @customer |
Correlation Rules:
History:
| User | Date |
|---|---|
| em*n@fluencysecurity.com | 2021 Jan 11 21:57:50 EST |
| al*r@fluencysecurity.com | 2021 Feb 18 11:43:48 EST |
This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)