The query looks for command lines that contain non-ASCII characters. Insertion of these characters could be used to evade detections. Command lines should be reviewed to determine whether the inclusion of non-ASCII characters was deliberate or not.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Endpoint Threat Protection Essentials |
| ID | a953f304-12e4-48ae-bedc-d58fb1b0c6a6 |
| Tactics | DefenseEvasion |
| Techniques | T1027 |
| Required Connectors | SecurityEvents, WindowsSecurityEvents, MicrosoftThreatProtection |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| DeviceProcessEvents | ✓ | ✗ | ? |
| SecurityEvent | ✓ | ✓ | ? |