PA_DropBox
ID: 100066
Description:
Repository: Group: ThreatAnalysis Type: event
Default Status:
Disabled
| Tags: | |
|---|---|
| dropbox | cloud storage |
Selector:
Query:
@tags:”PA_TRAFFIC”
Filters:
| Field | MUST hit |
|---|---|
| @fields.application | dropbox-base |
| Field | MUST NOT hit |
|---|---|
| @fields.source_user | entity: [ PA_DropBox_Exceptions ] |
Behavior Rule:
| Key | Type | Behavior Category |
|---|---|---|
| @fields.source_user | asset | security alert |
Risks:
| Risks | Base Score | Dimension |
|---|---|---|
Attributes:
| Alias | Key |
|---|---|
| SourceIP | @fields.source_ip |
| SourceUser | @fields.source_user |
| BytesSent | @fields.bytes_sent |
| BytesRecvd | @fields.bytes_received |
Correlation Rules:
First Occurrence:
| Name | Window | Fields | |
|---|---|---|---|
| PA_DropBoxUsage | 10 days | @fields.source_user | |
| Risks: | ALERT_POLICY | FILE_DOWNLOAD |
Aggregation:
| Name | Window | Field | AggType | Match |
|---|---|---|---|---|
| PA_DropBox_FileUpload | 1 hour | @fields.bytes_sent | sum | gt 100000 |
| Risks: | ALERT_POLICY | FILE_DOWNLOAD | ||
| PA_DropBox_FileDownload | 1 hour | @fields.bytes_received | sum | gt 100000 |
| Risks: | FILE_DOWNLOAD | ALERT_POLICY |
History:
| User | Date | | :— | :— | | — | — |
This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)