Detecting Suspicious PowerShell Command Executions

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Spot connections to rarely accessed external domains that are present in your watchlist, which could signify data exfiltration attempts or C2 communication.

Attribute	Value
Type	Hunting Query
Solution	Cyware
ID	deb99c6f-1903-455b-bb2c-0036614110bc
Tactics	CommandAndControl
Techniques	T1102
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
DeviceNetworkEvents	✓	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries · Back to Cyware