Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
'This hunting query looks for potential command injection attempts via the vulnerable third-party driver against Azure IR with Managed VNet or SHIR processes as well as post-exploitation activity based on process execution and command line activity Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29972 https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-2997
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 2d1a3e86-f1a0-49d0-b88a-55789e1d6660 |
| Tactics | Collection |
| Techniques | T1074.001 |
| Required Connectors | MicrosoftDefenderAdvancedThreatProtection, MicrosoftThreatProtection, WindowsSecurityEvents, WindowsForwardedEvents |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
DeviceProcessEvents |
✓ | ✗ | ? |
SecurityEvent |
✓ | ✓ | ? |
WindowsEvent |
✓ | ✓ | ? |
The following connectors provide data for this content item:
Solutions: Microsoft Exchange Security - Exchange On-Premises, Windows Forwarded Events, Windows Security Events
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊