Tracking via user agent is one way to differentiate between types of connecting device. In homogeneous enterprise environments the user agent associated with an attacker device may stand out as unusual.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Microsoft 365 |
| ID | f2367171-1514-4c67-88ef-27434b6a1093 |
| Tactics | Exfiltration |
| Techniques | T1030 |
| Required Connectors | AzureActiveDirectory, Office365 |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| OfficeActivity | RecordType == "SharePointFileOperation" | ✓ | ✗ | ? |
| SigninLogs | | ✓ | ✗ | ? |