Skip to content

Latest commit

 

History

History
33 lines (26 loc) · 971 Bytes

MATCH-S00121.md

File metadata and controls

33 lines (26 loc) · 971 Bytes

Rules: G Suite - Mobile - Suspicious Activity

Description

Google G Suite alert for mobile suspicious activity

Additional Details

Detail Value
Type Templated Match
Category Initial Access
Apply Risk to Entities user_username, srcDevice_ip
Signal Name G Suite - mobile - suspicious_activity - "{{action}}"
Summary Expression Suspicious mobile activity from IP: {{srcDevice_ip}} on user: {{user_username}}
Score/Severity Static: 2
Enabled by Default True
Prototype False
Tags _mitreAttackTactic:TA0001, _mitreAttackTechnique:T1078, _mitreAttackTechnique:T1078.004

Vendors and Products

Fields Used

Origin Field
Normalized Schema action
Normalized Schema metadata_deviceEventId
Normalized Schema metadata_product
Normalized Schema metadata_vendor
Normalized Schema srcDevice_ip
Normalized Schema user_username