Link Search Menu Expand Document

SCC_Threat_Intelligence

ID: 100245

Description:

Security Compliance Center Threat Intelligence URL click data

Repository: Group: SCC Type: event

Default Status:

Enabled

Tags:    
SCC SecurityComplianceCenter Office365
     

Selector:

Query:

Filters:

Field MUST hit
@source Audit General
@fields.Workload ThreatIntelligence
@fields.RecordType 41
Field MUST NOT hit
   

Behavior Rule:

Key Type Behavior Category
username username application activity

Risks:

Risks Base Score Dimension
Timeline 0 -

Attributes:

Alias Key
Operation @fields.Operation
RecordType @fields.RecordType
UserType @fields.UserType
ThreatDetectionMethod @fields.DetectionMethod
ThreatP1Sender @fields.P1Sender
ThreatP2Sender @fields.P2Sender
ThreatPolicyIndicator @fields.Policy
ThreatPolicyAction @fields.PolicyAction
ThreatSubjectLine @fields.Subject
ThreatVerdict @fields.Verdict
IP @fields.SenderIP
Customer @customer

Correlation Rules:

History:

User Date
em*n@fluencysecurity.com 2021 Jan 11 09:15:57 EST
em*n@fluencysecurity.com 2021 Jan 11 12:32:57 EST
al*r@fluencysecurity.com 2021 Feb 18 11:43:28 EST

This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)