Data Source
Ingests security findings from Quokka Qscout mobile app security platform analyzing applications on organizational mobile devices. The platform exports app analysis events for malicious findings detected during mobile application assessment.
Ingestion Mechanism
- CCF-based connector using REST API polling against api.krwr.net endpoint
- Custom table: QscoutAppEvents_CL with mobile app metadata and analysis results
- Organization ID and API key authentication required for data access
- Polling configuration supports 5-minute query windows with 10 QPS rate limiting
Detection Surface Unlocked
Provides visibility into mobile application security posture across organizational devices including:
- Malicious app detection on managed mobile devices
- Mobile app vulnerability findings and security assessments
- Cross-platform mobile threat visibility (iOS/Android)
- Device compliance and app security monitoring for MDM-enrolled devices
MITRE Coverage
Comprehensive mobile threat technique coverage including Initial Access, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Collection, Command and Control, and Impact tactics with 35+ specific mobile techniques (T1406, T1409, T1414, T1417, T1418, T1422, T1424, T1429, T1430, T1471, T1474, T1481, T1509, T1512, T1513, T1516, T1517, T1532, T1541, T1544, T1582, T1616, T1617, T1623, T1624, T1625, T1627, T1628, T1629, T1630, T1631, T1633, T1634, T1635, T1636, T1638, T1640, T1641, T1642, T1643).
Affected Files
Solutions/Quokka/Data Connectors/QuokkaQscoutAppEventsLogs_ccf/QuokkaQscoutAppEventsLogs_connectorDefinition.json
Solutions/Quokka/Data Connectors/QuokkaQscoutAppEventsLogs_ccf/QuokkaQscoutAppEventsLogs_DCR.json
Solutions/Quokka/Data Connectors/QuokkaQscoutAppEventsLogs_ccf/QuokkaQscoutAppEventsLogs_PollingConfig.json
Solutions/Quokka/Analytic Rules/MaliciousResultsDetection.yaml
Solutions/Quokka/Workbooks/QscoutDashboards.json
(packaging artefacts: mainTemplate.json, createUiDefinition.json, Solution_Quokka.json)