id: 426a8b59-41ad-4022-bb01-cf914fd5687a name: Imperva - Rare applications description: | 'Query searches for rare application protocols.' severity: Medium requiredDataConnectors: - connectorId: ImpervaWAFCloudAPI dataTypes: - ImpervaWAFCloud tactics: - InitialAccess relevantTechniques: - T1190 query: | ImpervaWAFCloud | where TimeGenerated > ago(24h) | where isnotempty(NetworkApplicationProtocol) | summarize count() by NetworkApplicationProtocol | top 5 by count_ asc | extend AppCustomEntity = NetworkApplicationProtocol entityMappings: - entityType: CloudApplication fieldMappings: - identifier: Name columnName: AppCustomEntity