NewbieInSentinel
Dec 11, 2022, Copper Contributor
SOURGUM Actor IOC - July 2021 Analytics Rule
Hi,
Have a question regarding one Analytics Rule in Microsoft Sentinel ( SOURGUM Actor IOC - July 2021 ).
In Sentinel, the Office 365 connector is one of the data connectors listed for this rule. But, upon checking the query, I did not see any OfficeActivity table being used.
Can anyone enlighten me about this rule, or am I just missing something here?
Thank you!
1 Reply
- Clive_Watson, Bronze Contributor: There are two versions (1.0.1 and 1.1.1), both using the same name. I suspect that in the 2nd link (the one you are looking at) Office365 is wrongly used in the YAML file:
https://github.com/Azure/Azure-Sentinel/blob/b20831ed8f721c2f91ffc356af8e7dfa3df08711/Solutions/Windows%20Forwarded%20Events/Analytic%20Rules/SOURGUM_IOC_WindowsEvent.yaml
and
https://github.com/Azure/Azure-Sentinel/blob/2e4f5f6e6d1899827c01e19e20dc368abd140eb3/Detections/MultipleDataSources/SOURGUM_IOC.yaml
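The mismatch discussed in this thread (a connector declared in `requiredDataConnectors` whose tables the KQL query never reads) can be caught mechanically rather than by eye. The following is an added example, not code from the thread or from the Azure-Sentinel repository: it takes an analytic rule in the repository's YAML shape (here embedded as a Python dict so it runs without a YAML library; the rule id, name, query and indicator values are constructed placeholders, not the real SOURGUM rule), extracts the source tables the query reads with a simple heuristic, and reports connectors whose `dataTypes` are unused as well as tables the query reads that no connector covers.

```python
import re

# Constructed sample shaped like an Azure-Sentinel analytic rule YAML. The query reads
# SecurityEvent and WindowsEvent, but the metadata also declares the Office 365
# connector (OfficeActivity), which the query never touches. Ids/indicators are placeholders.
SAMPLE_RULE = {
    "id": "00000000-0000-0000-0000-000000000000",  # placeholder, not a real rule id
    "name": "Example IOC rule (constructed)",
    "requiredDataConnectors": [
        {"connectorId": "SecurityEvents", "dataTypes": ["SecurityEvent"]},
        {"connectorId": "WindowsForwardedEvents", "dataTypes": ["WindowsEvent"]},
        {"connectorId": "Office365", "dataTypes": ["OfficeActivity"]},
    ],
    "query": """
let iocs = dynamic(["example-indicator.invalid"]);   // constructed placeholder indicators
(union isfuzzy=true
  (SecurityEvent
   | where EventID == 4688
   | where CommandLine has_any (iocs)),
  (WindowsEvent
   | where EventID == 4688
   | where tostring(EventData.CommandLine) has_any (iocs)))
| project TimeGenerated, Computer, Account
""",
}

IDENT = r"[A-Za-z_][A-Za-z0-9_]*"

# Heuristic for the usual Sentinel rule layout: a source table is an identifier that
# starts a line or follows "(" and is followed only by a pipe or the end of the line.
# Comments and "let" bindings are removed first so variable names are not mistaken
# for tables. Tables listed after "union" on one line separated by commas are not
# recognised by this simplified pattern.
SOURCE_TABLE_RE = re.compile(rf"(?:^|\()\s*({IDENT})\b(?=\s*(?:\||$))", re.M)


def query_source_tables(query: str) -> set:
    """Return the set of table names the KQL query reads (heuristic, see above)."""
    text = re.sub(r"//[^\n]*", "", query)                      # strip line comments
    text = re.sub(r"\blet\s+\w+\s*=.*?;", "", text, flags=re.S)  # strip let-bindings
    return set(SOURCE_TABLE_RE.findall(text))


def _table_name(data_type: str) -> str:
    # Some rules write dataTypes with a qualifier in parentheses; keep the table name only.
    return data_type.split("(")[0].strip()


def connector_coverage(rule: dict) -> dict:
    """Compare requiredDataConnectors against the tables the query actually uses."""
    query = rule["query"]
    connectors = rule.get("requiredDataConnectors", [])
    referenced = query_source_tables(query)

    declared_tables = {_table_name(t) for c in connectors for t in c.get("dataTypes", [])}

    # A connector is unused when none of its tables is mentioned anywhere in the query.
    unused_connectors = sorted(
        c["connectorId"]
        for c in connectors
        if not any(re.search(rf"\b{re.escape(_table_name(t))}\b", query)
                   for t in c.get("dataTypes", []))
    )
    # A table the query reads but no declared connector provides is also a metadata bug.
    uncovered_tables = sorted(referenced - declared_tables)

    return {
        "referenced_tables": sorted(referenced),
        "unused_connectors": unused_connectors,
        "uncovered_tables": uncovered_tables,
    }


if __name__ == "__main__":
    report = connector_coverage(SAMPLE_RULE)
    print(f"tables read by query : {report['referenced_tables']}")
    print(f"connectors never used: {report['unused_connectors']}")
    print(f"tables with no connector: {report['uncovered_tables']}")
```

Run against the constructed sample, the report lists Office365 as a connector the query never uses, which is the situation the thread describes. To apply this to real rules, load each YAML file from the repository into a dict (for example with PyYAML) and pass it to `connector_coverage`; the table-extraction regex is deliberately conservative, so treat an empty `referenced_tables` result as "could not parse" rather than as proof that the query reads nothing.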