Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
The query below identifies powershell commands used by the threat actor Mango Sandstorm. Reference: https://www.microsoft.com/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations/
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | ce74dc9a-cb3c-4081-8c2f-7d39f6b7bae1 |
| Severity | High |
| Kind | Scheduled |
| Tactics | LateralMovement |
| Techniques | T1570 |
| Required Connectors | SecurityEvents, MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
DeviceProcessEvents |
✓ | ✗ | ? |
SecurityEvent |
✓ | ✓ | ? |
The following connectors provide data for this content item:
| Connector | Solution |
|---|---|
| ESI-Opt34DomainControllersSecurityEventLogs | Microsoft Exchange Security - Exchange On-Premises |
| SecurityEvents | Windows Security Events |
| WindowsSecurityEvents | Windows Security Events |
Solutions: Microsoft Exchange Security - Exchange On-Premises, Windows Security Events
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊