Files uploaded to teams and access summary


This hunting query identifies files uploaded to SharePoint via a Teams chat and summarizes the users and IP addresses that have accessed these files. This allows for identification of anomalous file sharing patterns.

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Microsoft 365 |
| ID | 90e198a9-efb6-4719-ad89-81b8e93633a7 |
| Tactics | InitialAccess, Exfiltration |
| Techniques | T1199, T1102, T1078 |
| Required Connectors | Office365 |
| Source | View on GitHub |

Tables Used

This content item queries data from the following tables:

Table Selection Criteria Transformations Ingestion API Lake-Only
OfficeActivity RecordType == "SharePointFileOperation" ?
