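id: be63a941-4e04-4e86-af4c-a6b8a0ea5213
name: Bitglass - User devices
description: |
  'Lists the distinct devices each user generated Bitglass access events from in the last 24 hours, with a device count and first/last seen timestamps. A user appearing on an unusually large or unfamiliar set of devices is a lead for valid-account abuse (T1078).'
severity: Medium
requiredDataConnectors:
  - connectorId: Bitglass
    dataTypes:
      - Bitglass
tactics:
  - InitialAccess
relevantTechniques:
  - T1078
query: |
  // Hunting query: per-user inventory of devices seen in Bitglass 'access' events.
  // Lookback is fixed at 24h; widen it when baselining a user's normal device set.
  Bitglass
  | where TimeGenerated > ago(24h)
  | where EventType =~ 'access'
  // Rows without a user or device cannot be attributed to an account; dropping them
  // also avoids an empty-User bucket that would map to a blank Account entity.
  | where isnotempty(User) and isnotempty(Dvc)
  // make_set replaces the deprecated makeset; dcount/min/max give the analyst
  // a sortable signal instead of a bare list of device names.
  | summarize Devices = make_set(Dvc), DeviceCount = dcount(Dvc), FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated) by User
  | order by DeviceCount desc
  | extend AccountCustomEntity = User
entityMappings:
  - entityType: Account
    fieldMappings:
      - identifier: Name
        columnName: AccountCustomEntity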