Link Search Menu Expand Document

SCC_Access_Governance

ID: 100241

Description:

Security Compliance Center Access Governance

Repository: Group: SCC Type: event

Default Status:

Enabled

Tags:    
SCC SecurityComplianceCenter Office365
     

Selector:

Query:

Filters:

Field MUST hit
@source Audit.General
@fields.Workload SecurityComplianceCenter
@fields.Category AccessGovernance
Field MUST NOT hit
   

Behavior Rule:

Key Type Behavior Category
@fields.InsightData.Details.Name username application activity

Risks:

Risks Base Score Dimension
Timeline 0 -

Attributes:

Alias Key
Category @fields.Category
Operation @fields.Operation
InsightValue @fields.AdditionalData.Value
InsightDescription @fields.Description
Username @fields.InsightData.Details.Name
RecordType @fields.RecordType
UserType @fields.UserType
Severity @fields.Severity
Customer @customer

Correlation Rules:

History:

User Date
em*n@fluencysecurity.com 2021 Jan 11 12:20:51 EST
em*n@fluencysecurity.com 2021 Jan 11 12:33:11 EST
em*n@fluencysecurity.com 2021 Feb 8 14:12:24 EST
em*n@fluencysecurity.com 2021 Feb 8 14:12:46 EST
al*r@fluencysecurity.com 2021 Feb 18 11:42:08 EST

This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)