Squadra Technologies SecRMM: Compliance Update Adds Required Detection Rule

What Changed

Added required analytic rule to Squadra Technologies SecRMM solution for Microsoft Sentinel compliance. The solution was previously non-compliant due to missing detection content.

Detection Logic

Primary data source: secRMM_CL custom table from Squadra removable storage monitoring
Core logic: Near-real-time (NRT) detection for removable storage device connection events
Entity types mapped: Host (Computer field)
Technique coverage: MITRE T1025 (Data from Removable Media) for USB security monitoring

Security Impact (Visibility & Fidelity)

Enables detection of removable storage device usage in enterprise environments:

Real-time alerting when USB devices are connected to monitored endpoints
Enhanced data loss prevention (DLP) visibility for removable media usage
Compliance monitoring for removable storage policies
Custom table schema updated with improved field definitions and data types

Affected Files

Solutions/Squadra Technologies SecRmm/Analytic Rules/Removable_Storage_ONLINE.yaml
Solutions/Squadra Technologies SecRmm/Data Connectors/SquadraTechnologiesSecRMM.json
Solutions/Squadra Technologies SecRmm/Workbooks/AzureSentinelWorkbookForRemovableStorageSecurityEvents.json
(packaging artefacts: mainTemplate.json, createUiDefinition.json, 3.0.0.zip)

What Changed#

Detection Logic#

Security Impact (Visibility & Fidelity)#

Affected Files#

What Changed

Detection Logic

Security Impact (Visibility & Fidelity)

Affected Files