This query builds process trees for a given set of processes and performs anomaly detection on those trees. It generates process trees up to the 7th level. The query can be used as a template for anomaly detection on specific processes such as winword.exe, powerpnt.exe and w3wp.exe. It runs without performance issues in large environments. A detailed explanation can be found in the reference: https://mergene.medium.com/detecting-threats-with-process-tree-analysis-without-machine-learnin
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | a3bbacd9-7e8a-4dbc-a168-d08740f9904e |
| Tactics | Initial access, Execution, Persistence, Discovery, Lateral movement |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| DeviceProcessEvents | ✓ | ✗ | ? |