cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SOURGUM Actor IOC - July 2021 Analytics Rule

NewbieInSentinel
Copper Contributor

‎Dec 11 2022 10:29 PM - edited ‎Dec 11 2022 10:31 PM

‎Dec 11 2022 10:29 PM - edited ‎Dec 11 2022 10:31 PM

SOURGUM Actor IOC - July 2021 Analytics Rule

Hi,

 

Have a question regarding one Analytics Rule in Microsoft Sentinel ( SOURGUM Actor IOC - July 2021 ).
In Sentinel, Office 365 connector is one of the list of data connectors for this rule. But, upon checking the query, i did not see any OfficeActivity table being used.

Can anyone enlighten me about this rule or am i just missing something here.

Thank you!

Labels:
801 Views
0 Likes
1 Reply
Reply
1 Reply
Clive_Watson

‎Dec 12 2022 03:29 AM

‎Dec 12 2022 03:29 AM

Re: SOURGUM Actor IOC - July 2021 Analytics Rule

There are two versions (1.0.1 and 1.1.1) both using the same name, I suspect in the 2nd link (the one you are looking at, Office365 is wrongly used in the YAML file)

https://github.com/Azure/Azure-Sentinel/blob/b20831ed8f721c2f91ffc356af8e7dfa3df08711/Solutions/Wind...

and

https://github.com/Azure/Azure-Sentinel/blob/2e4f5f6e6d1899827c01e19e20dc368abd140eb3/Detections/Mul...
0 Likes
Reply