Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This query identifies when a user clicks a link that opens a browser to navigate to a URL which uses redirection. It then filters out any redirections to URLs in the same DNS namespace as the originating URL. Redirection identification is done based on URL query parameters outlined in the following article: https://www.bleepingcomputer.com/news/security/snapchat-amex-sites-abused-in-microsoft-365-phishing-attacks/
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | daf19704-a996-4df7-9a0b-3efac47fea5a |
| Tactics | InitialAccess |
| Techniques | T1566.002 |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
DeviceEvents |
ActionType == "BrowserLaunchedToOpenUrl" |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊