Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
'Cobalt Strike is a famous Pen Test tool that is used by pen testers as well as attackers alike To compromise an environment. The query tries to detect suspicious DNS queries known from Cobalt Strike beacons.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Attacker Tools Threat Protection Essentials |
| ID | dde206fc-3f0b-4175-bb5d-42d2aae9d4c9 |
| Tactics | CommandAndControl |
| Techniques | T1568, T1008 |
| Required Connectors | DNS, ASimDnsActivityLogs, AzureMonitor(VMInsights) |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
DnsEvents |
✓ | ✗ | ✓ |
VMConnection |
? | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
↑ Back to Hunting Queries · Back to Attacker Tools Threat Protection Essentials