Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Hunts for commonly utilized Microsoft programs (Word, Excel, Publisher, etc) and other programs known to malicious launch powershell or cmd, such as Internet Explorer, Chrome and Firefox.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Cyborg Security HUNTER |
| ID | fc36d683-385a-4ec2-842d-2982dbed97a4 |
| Tactics | CommandandControl |
| Techniques | T1102 |
| Required Connectors | SecurityEvent |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
SecurityEvent |
NewProcessName has_any "cmd.exe"NewProcessName has_any "winword.exe" |
✓ | ✓ | ✓ |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊