What Changed

Datawiza solution v3.0.1 adds a new Analytic Rule “Datawiza - massive errors detected” that monitors for abnormal server error patterns.

Detection Logic

Primary data source: the datawizaserveraccess_CL table. The core logic counts HTTP 5xx responses (Status_d >= 500) over a 10-minute window and triggers when the error count exceeds 100 events. Entity types mapped: none explicitly defined in the rule.
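As an added illustration (not the rule's YAML and not Datawiza or Microsoft code), the following Python reproduces the stated detection logic over constructed sample rows: 5xx rows are bucketed into 10-minute windows and a window fires only when its count is strictly greater than 100. The KQL in the comment is an assumed equivalent of that logic, not the query shipped in DatawizaSentinelAlerts.yaml.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Parameters stated on the page: 10-minute window, alert when 5xx count exceeds 100.
WINDOW = timedelta(minutes=10)
THRESHOLD = 100
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Assumed KQL equivalent of the same logic (not the rule's actual query):
#   datawizaserveraccess_CL
#   | where Status_d >= 500
#   | summarize ErrorCount = count() by bin(TimeGenerated, 10m)
#   | where ErrorCount > 100


def window_start(ts: datetime, window: timedelta = WINDOW) -> datetime:
    """Floor an aware datetime to the start of its tumbling window (like KQL bin())."""
    return EPOCH + ((ts - EPOCH) // window) * window


def count_5xx_per_window(records, window=WINDOW):
    """Count HTTP 5xx responses per window.

    records: iterable of (TimeGenerated, Status_d) pairs, mirroring the two
    datawizaserveraccess_CL columns the rule depends on. Non-5xx rows are ignored.
    """
    counts = Counter()
    for ts, status in records:
        if status >= 500:
            counts[window_start(ts, window)] += 1
    return counts


def alerts(records, window=WINDOW, threshold=THRESHOLD):
    """Return [(window_start_iso, count)] for windows whose 5xx count exceeds threshold."""
    return sorted(
        (start.isoformat(), n)
        for start, n in count_5xx_per_window(records, window).items()
        if n > threshold
    )


def make_sample():
    """Constructed sample rows (not real data): a burst of 503s, then a quieter window."""
    base = datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)
    rows = [(base + timedelta(seconds=5 * i), 503) for i in range(120)]  # 120 errors, 10:00 window
    rows += [(base + timedelta(seconds=7 * i), 200) for i in range(50)]  # successes, must not count
    rows += [(base + timedelta(minutes=10, seconds=i), 500) for i in range(30)]  # 30 errors, 10:10 window
    return rows


if __name__ == "__main__":
    print(alerts(make_sample()))  # [('2024-01-01T10:00:00+00:00', 120)]
```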

MITRE Mapping

T1082 (System Information Discovery) - Detection identifies potential reconnaissance activity through error pattern analysis that may indicate system probing or misconfiguration discovery attempts.

Affected Files

.script/tests/detectionTemplateSchemaValidation/ValidConnectorIds.json
Solutions/Datawiza/Analytic Rules/DatawizaSentinelAlerts.yaml
(packaging artefacts: 3.0.1.zip, ReleaseNotes.md, Solution_Datawiza_DAP.json, createUiDefinition.json, mainTemplate.json)