SCC_Data_Governance
ID: 100167
Description:
Security Compliance Center Data Governance
Repository: Fluency Group: SCC Type: event
Default Status:
Enabled
| Tags: | ||
|---|---|---|
| SCC | SecurityComplianceCenter | O365 |
Selector:
Query:
Filters:
| Field | MUST hit |
|---|---|
| @source | Audit.General |
| @fields.Workload | SecurityComplianceCenter |
| @fields.Category | DataGovernance |
| @fields.Operation | AlertTriggered |
| Field | MUST NOT hit |
|---|---|
| @fields.Severity | Low |
Behavior Rule:
| Key | Type | Behavior Category |
|---|---|---|
| @fields.DataFields.f3u | username | application activity |
Risks:
| Risks | Base Score | Dimension |
|---|---|---|
| ALERT_NORMAL | 100 | alert |
Attributes:
| Alias | Key |
|---|---|
| Operation | @fields.Operation |
| RecordType | @fields.RecordType |
| UserType | @fields.UserType |
| Severity | @fields.Severity |
| Comments | @fields.Comments |
| Status | @fields.Status |
| Source | @fields.Source |
| AlertName | @fields.Name |
| Data | @fields.Data |
| Username | @fields.DataFields.f3u |
| UserOperation | @fields.DataFields.op |
| Workload | @fields.DataFields.wl |
| AlertDescription | @fields.DataFields.ad |
Correlation Rules:
First Occurrence:
| Name | Window | Fields |
|---|---|---|
| NewUser | 10 days | @fields.DataFields.f3u |
| Risks: | ML_NEW_USER |
Aggregation:
| Name | Window | Field | AggType | Match |
|---|---|---|---|---|
| MultipleAlerts | 1 hour | count | gt 20 | |
| Risks: | ALERT_POLICY |
History:
| User | Date |
|---|---|
| em*n@fluencysecurity.com | 2021 Jan 11 20:18:59 EST |
| em*n@fluencysecurity.com | 2021 Jan 13 07:43:13 EST |
| ho*d@fluencysecurity.com | 2021 May 28 12:33:48 EDT |
| ho*d@fluencysecurity.com | 2021 May 28 12:34:47 EDT |
| ho*d@fluencysecurity.com | 2021 May 28 12:55:04 EDT |
This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)