CTERA Batch Access Denied Detection

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

This query detects access denied events generated by the CTERA Edge Filer

Attribute Value
Type Hunting Query
Solution CTERA
ID 26f7d89a-b7b7-47cb-ad11-281f66c17c3d
Tactics DefenseEvasion
Techniques T1562
Required Connectors CTERA
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Selection Criteria Transformations Ingestion API Lake-Only
Syslog ProcessName == "gw-audit" ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Hunting Queries · Back to CTERA