This query detects suspicious user agent strings used by exploit and pen test frameworks. Several exploit and pen test frameworks are used by pen testers as well as attackers to compromise an environment and achieve their objectives. The query tries to detect suspicious user agent strings used by these frameworks in some of the data sources that contain a UserAgent field. This is based on the Sigma rules described in the references. References: https://github.com/SigmaHQ/sigma/blo
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Network Threat Protection Essentials |
| ID | df75ac6c-7b0b-40d2-82e4-191c012f1a07 |
| Tactics | InitialAccess, CommandAndControl, Execution |
| Techniques | T1189, T1071, T1203 |
| Required Connectors | Office365, AWS, AzureMonitor(IIS) |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| AWSCloudTrail | ✓ | ✓ | ? |
| OfficeActivity | ✓ | ✗ | ? |
| W3CIISLog | ✓ | ✗ | ? |