Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Attackers may introduce upstream packages into the build process to insert malicious code. This query searches for such malicious activity. If an environment has low number of events, it can be upgraded to a detection.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | AzureDevOpsAuditing |
| ID | 20be967c-4923-4c4b-8e1d-e1c95d537dc3 |
| Tactics | InitialAccess |
| Techniques | T1195 |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
ADOAuditLogs_CL |
? | ✓ | ? |
AzureDevOpsAuditing |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊