44 строки
1.6 KiB
YAML
44 строки
1.6 KiB
YAML
id: b4cc5396-2a34-45f5-a726-860e476edf15
|
|
name: AIShield - Image classification AI Model extraction high suspicious vulnerability detection
|
|
description: |
|
|
'This alert creates an incident when Image classification AI Model extraction high suspicious, high severity vulnerability detected from the AIShield.'
|
|
severity: High
|
|
status: Available
|
|
requiredDataConnectors:
|
|
- connectorId: BoschAIShield
|
|
dataTypes:
|
|
- AIShield
|
|
queryFrequency: 1h
|
|
queryPeriod: 1h
|
|
triggerOperator: gt
|
|
triggerThreshold: 0
|
|
tactics: []
|
|
relevantTechniques: []
|
|
query: |
|
|
AIShield
|
|
| where Message has 'Image Classification AI Model Extraction Attack Identified'
|
|
| where Severity =~ 'High'
|
|
| where SuspiciousLevel =~ 'high suspicious attack'
|
|
| extend NTDomain = tostring(split(Computer, '\\')[0]), HostName = tostring(split(Computer, '.')[0])
|
|
entityMappings:
|
|
- entityType: Host
|
|
fieldMappings:
|
|
- identifier: HostName
|
|
columnName: HostName
|
|
- identifier: NTDomain
|
|
columnName: NTDomain
|
|
- entityType: IP
|
|
fieldMappings:
|
|
- identifier: Address
|
|
columnName: SourceName
|
|
eventGroupingSettings:
|
|
aggregationKind: SingleAlert
|
|
alertDetailsOverride:
|
|
alertDisplayNameFormat: AIShield - Image Classification AI Model extraction high suspicious vulnerability detected.
|
|
alertDescriptionFormat: |
|
|
This query detects Image Classification AI Model extraction high suspicious, high severity alert from AIShield generated at {{TimeGenerated}}.\n\nPlease check the source for more information and investigate further.
|
|
alertTacticsColumnName: null
|
|
alertSeverityColumnName: Severity
|
|
version: 1.0.4
|
|
kind: Scheduled
|