
Purpose

An analyst wants to detect <adjective> behavior in <data source>. Using the <name> Azure collector to send <type> to Devo, the analyst will find <outcome>. As a result, the analyst will <verb> the <entity>, preventing them from <tactic>.

Example tables

Table

Description

Authorize It

Run It

In the Cloud Collector App, create an Azure Collector instance using this parameters template, replacing the values enclosed in < >.


Secure It

Monitor It

Create an inactivity alert that detects interruptions in the transfer of data from the source to the SQS queue, using the query

from TABLE
where toktains(hostchain,"collector-")
select split(hostchain,"-",1) as collector_id

Set the inactivity alert to keep track of the collector_id.
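The following is an added illustration, not part of this page or of the Devo collector, of what the inactivity alert above evaluates: it filters constructed sample rows the way the query's toktains/split pair does, keeps the last event time per collector_id, and reports the collectors that have gone silent. The hostchain values and timestamps are made up, the split index is treated as zero-based as in the page's query, and toktains is approximated as a plain substring test.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample rows (timestamp, hostchain); not taken from any real deployment.
SAMPLE_ROWS = [
    ("2024-01-01T10:00:00Z", "collector-azure01-eu"),
    ("2024-01-01T10:05:00Z", "collector-azure02-eu"),
    ("2024-01-01T10:50:00Z", "collector-azure01-eu"),
    ("2024-01-01T10:52:00Z", "ingest-node-3"),  # no "collector-" token: filtered out
]


def toktains(value, token):
    """Approximation of toktains(hostchain, "collector-"): true when the token occurs in value."""
    return token in value


def collector_id(hostchain):
    """Mimic split(hostchain, "-", 1): the token after "collector-" (zero-based index 1)."""
    return hostchain.split("-")[1]


def last_seen_by_collector(rows):
    """Last event time per collector_id, after applying the query's where/select."""
    seen = {}
    for ts, hostchain in rows:
        if not toktains(hostchain, "collector-"):
            continue
        cid = collector_id(hostchain)
        t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if cid not in seen or t > seen[cid]:
            seen[cid] = t
    return seen


def inactive_collectors(rows, now, max_silence):
    """collector_ids with no event within max_silence before `now`; these are the
    keys an inactivity alert tracking collector_id would fire on."""
    seen = last_seen_by_collector(rows)
    return sorted(cid for cid, t in seen.items() if now - t > max_silence)


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 11, 0, tzinfo=timezone.utc)
    print(inactive_collectors(SAMPLE_ROWS, now, timedelta(minutes=30)))
```

A collector that has never delivered an event yields no collector_id to track, so an alert keyed this way only catches collectors that went quiet after reporting at least once.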
