Malicious Clicks allowed (click-through)

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Visualises malicious URL clicks that were allowed through Safe Links over time, helping analysts identify when users bypass security controls and click on malicious content. Based on Defender for Office 365 workbook: https://techcommunity.microsoft.com/blog/microsoftdefenderforoffice365blog/part-2-build-custom-email-security-reports-and-dashboards-with-workbooks-in-micr/4411303

Attribute	Value
Type	Hunting Query
Solution	Microsoft Defender XDR
ID	ba4f7e56-a2f8-4a30-b848-200fdc7fc3a2
Tactics	InitialAccess
Techniques	T1566
Required Connectors	MicrosoftThreatProtection
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
UrlClickEvents	✓	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries · Back to Microsoft Defender XDR