
SCC_Data_Governance

ID: 100167

Description:

Security Compliance Center Data Governance

Repository: Fluency Group: SCC Type: event

Default Status:

Enabled

Tags:

SCC SecurityComplianceCenter O365

Selector:

Query:

Filters:

Field              Value                     Condition
@source            Audit.General             MUST hit
@fields.Workload   SecurityComplianceCenter  MUST hit
@fields.Category   DataGovernance            MUST hit
@fields.Operation  AlertTriggered            MUST hit
@fields.Severity   Low                       MUST NOT hit

Behavior Rule:

Key Type Behavior Category
@fields.DataFields.f3u username application activity

Risks:

Risks Base Score Dimension
ALERT_NORMAL 100 alert

Attributes:

Alias Key
Operation @fields.Operation
RecordType @fields.RecordType
UserType @fields.UserType
Severity @fields.Severity
Comments @fields.Comments
Status @fields.Status
Source @fields.Source
AlertName @fields.Name
Data @fields.Data
Username @fields.DataFields.f3u
UserOperation @fields.DataFields.op
Workload @fields.DataFields.wl
AlertDescription @fields.DataFields.ad

Correlation Rules:

First Occurrence:

Name Window Fields
NewUser 10 days @fields.DataFields.f3u
  Risks: ML_NEW_USER

Aggregation:

Name            Window  Field  AggType  Match
MultipleAlerts  1 hour         count    gt 20
  Risks: ALERT_POLICY
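Worked evaluation of the rule, added here as an example and not Fluency's own code: it re-implements the filter table above and the two correlation rules in plain Python and runs them over constructed Office 365 Audit.General alert records. Assumptions not stated on the page: the alert's Data field is a JSON string exposed as @fields.DataFields (which is where f3u, op, wl and ad come from); the NewUser rule fires when f3u has not been seen in the previous 10 days; MultipleAlerts uses a sliding 1-hour window over all matching events, since its Field column is empty. The event timestamps, user names and alert text are constructed sample data.

```python
"""Worked evaluation of the SCC_Data_Governance rule over constructed events.

Added example, not Fluency's own code: it re-implements the page's filter,
first-occurrence and aggregation logic so the rule can be exercised offline.
"""
import json
from collections import deque
from datetime import datetime, timedelta

# Filters from the rule page: every MUST-hit pair must match, no MUST-NOT-hit pair may.
MUST_HIT = {
    "@source": "Audit.General",
    "@fields.Workload": "SecurityComplianceCenter",
    "@fields.Category": "DataGovernance",
    "@fields.Operation": "AlertTriggered",
}
MUST_NOT_HIT = {"@fields.Severity": "Low"}

FIRST_OCCURRENCE_WINDOW = timedelta(days=10)  # NewUser rule, keyed on @fields.DataFields.f3u
AGG_WINDOW = timedelta(hours=1)               # MultipleAlerts rule
AGG_THRESHOLD = 20                            # count gt 20


def lookup(event, path):
    """Resolve a dotted key such as '@fields.DataFields.f3u' against a nested dict."""
    cur = event
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def normalize(raw):
    """Shape a raw Audit.General record like the page's @source/@fields view.

    Assumption (not stated on the page): the alert's Data field is a JSON string
    and is exposed as @fields.DataFields, which is where f3u/op/wl/ad come from.
    """
    fields = dict(raw)
    try:
        fields["DataFields"] = json.loads(raw.get("Data") or "{}")
    except json.JSONDecodeError:
        fields["DataFields"] = {}
    return {"@source": "Audit.General", "@fields": fields}


def matches_filters(event):
    """True when the event passes the rule's MUST hit / MUST NOT hit filters."""
    if any(lookup(event, k) != v for k, v in MUST_HIT.items()):
        return False
    return all(lookup(event, k) != v for k, v in MUST_NOT_HIT.items())


class Correlator:
    """Stateful evaluation of the two correlation rules on the page.

    Assumptions: NewUser fires when f3u has not been seen in the previous 10 days;
    MultipleAlerts is a sliding 1-hour count over all matching events (its Field
    column is empty, so the count is not split per user).
    """

    def __init__(self):
        self.last_seen = {}   # f3u -> timestamp of the most recent matching alert
        self.hits = deque()   # timestamps of matching alerts, oldest first

    def process(self, event):
        """Return the sorted list of risk names this event raises."""
        if not matches_filters(event):
            return []
        risks = {"ALERT_NORMAL"}
        raw_ts = lookup(event, "@fields.CreationTime")
        if not raw_ts:  # no timestamp: base risk only, no time-based correlation
            return sorted(risks)
        ts = datetime.fromisoformat(raw_ts)

        user = lookup(event, "@fields.DataFields.f3u")
        if user:
            prev = self.last_seen.get(user)
            if prev is None or ts - prev > FIRST_OCCURRENCE_WINDOW:
                risks.add("ML_NEW_USER")
            self.last_seen[user] = ts

        self.hits.append(ts)
        while self.hits and ts - self.hits[0] > AGG_WINDOW:
            self.hits.popleft()
        if len(self.hits) > AGG_THRESHOLD:
            risks.add("ALERT_POLICY")
        return sorted(risks)


def make_event(ts, severity, user):
    """Constructed sample record (not real tenant data) shaped like an O365
    Security & Compliance Center alert as delivered in the Audit.General feed."""
    return normalize({
        "CreationTime": ts,
        "Workload": "SecurityComplianceCenter",
        "Category": "DataGovernance",
        "Operation": "AlertTriggered",
        "Severity": severity,
        "Name": "Unusual volume of file deletion",
        "Data": json.dumps({"f3u": user, "op": "FileDeleted",
                            "wl": "SharePoint", "ad": "constructed alert text"}),
    })


def run_scenario():
    """Feed a constructed event sequence through the rule; returns risks per event."""
    c = Correlator()
    events = [
        make_event("2021-05-28T16:33:48", "Low", "alice@example.com"),     # dropped: Severity Low
        make_event("2021-05-28T16:34:47", "Medium", "alice@example.com"),  # first sighting of alice
        make_event("2021-05-30T12:00:00", "High", "alice@example.com"),    # seen 2 days ago: no NewUser
        make_event("2021-06-15T09:00:00", "High", "alice@example.com"),    # quiet >10 days: NewUser again
    ]
    burst_start = datetime(2021, 6, 17, 16, 33, 48)
    for i in range(21):  # 21 alerts within 20 minutes trips MultipleAlerts on the last one
        events.append(make_event((burst_start + timedelta(minutes=i)).isoformat(),
                                 "Medium", "bob@example.com"))
    return [c.process(e) for e in events]


if __name__ == "__main__":
    for i, risks in enumerate(run_scenario()):
        print(i, risks)
```

Running the scenario shows the three behaviours side by side: the Low-severity alert is filtered before any risk is assigned, alice raises ML_NEW_USER on her first alert and again once she has been quiet for more than 10 days, and bob's burst only crosses the MultipleAlerts threshold on the 21st alert because the match is "gt 20", not "ge 20".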

History:

User Date
em*n@fluencysecurity.com 2021 Jan 11 20:18:59 EST
em*n@fluencysecurity.com 2021 Jan 13 07:43:13 EST
ho*d@fluencysecurity.com 2021 May 28 12:33:48 EDT
ho*d@fluencysecurity.com 2021 May 28 12:34:47 EDT
ho*d@fluencysecurity.com 2021 May 28 12:55:04 EDT

This page was automatically created/formatted on Tue, 2021 Oct 19 00:29:17 EDT, from rule_dump.json (db47c470500ce8686ead334f5eda0596)