SOC in a Box - Non Billable Package

Non Billable Content Package

Non billable data sources (e.g. Office 365, Azure Activity, etc.)

For a quickstart guide on how to enable Data Connectors / Analytics Rules / Workbooks, click here.

Connectors

Office 365
Azure Activity
Azure Active Directory Identity Protection
Azure Advanced Threat Protection
Azure Information Protection
Azure Security Center
Azure Security Center for IoT
Microsoft Cloud App Security
Microsoft Defender Advanced Threat Protection

Analytics

Advanced Multistage Attack Detection
Known Phosphorus group domains/IP
Known IRIDIUM IP
Known Manganese IP and UserAgent activity
Mail redirect via ExO transport rule
SharePointFileOperation via previously unseen IPs
Multiple users email forwarded to same destination
Malicious Inbox Rule
Exchange AuditLog disabled
Office policy tampering
Suspicious number of resource creation or deployment activies
Suspicious granting of permissions to an account

Workbooks

Security Operations Efficiency
Exchange Online
Office 365
Azure Activity

Tags: