Looks for valid variations of the -EncodedCommand parameter. This parameter is commonly used to encode or obfuscate commands, and not all occurrences are malicious.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Cyborg Security HUNTER |
| ID | d2d3bbc2-6e57-4043-ab24-988a6a6c88db |
| Tactics | DefenseEvasion, Execution |
| Techniques | T1027, T1059.001 |
| Required Connectors | SecurityEvent |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| SecurityEvent | ✓ | ✓ | ? |