# Solutions/Bitglass/Hunting Queries/BitglassUncategorizedResources.yaml
id: 1b45c098-8d65-4c50-9f7b-9108e71ecf60
name: Bitglass - Uncategorized resources
description: |
  'Query searches for uncategorized resources.'
severity: Medium
requiredDataConnectors:
  - connectorId: Bitglass
    dataTypes:
      - Bitglass
tactics:
  - InitialAccess
relevantTechniques:
  - T1566
query: |
  Bitglass
  | where TimeGenerated > ago(24h)
  | where EventType =~ 'swgweb'
  | where WebCategories contains 'Uncategorized'
  | where Action =~ 'allow'
  | extend AccountCustomEntity = User
entityMappings:
  - entityType: Account
    fieldMappings:
      - identifier: Name
        columnName: AccountCustomEntity