This rule identifies a web request with a User-Agent header known to belong to a hacking tool. This indicates that a hacking tool is being used on the host.
You can add custom User-Agent headers that indicate hacking tools by using a watchlist; for more information, refer to the UnusualUserAgents Watchlist. This analytic rule uses ASIM and supports any built-in or custom source that supports the ASIM WebSession schema (ASIM WebSessio

| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | 3f0c20d5-6228-48ef-92f3-9ff7822c1954 |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | Execution, Discovery, LateralMovement, Collection, CommandAndControl, Exfiltration |
| Techniques | T1059, T1046, T1021, T1557, T1102, T1020 |
| Required Connectors | SquidProxy, Zscaler |
| Source | View on GitHub |