This query finds matches in Syslog Event data for known FileName Indicators of Compromise from Threat Intelligence sources. FileName matches may produce false positives, so use this for hunting rather than real-time detection.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Threat Intelligence |
| ID | 18f7de84-de55-4983-aca3-a18bc846b4e0 |
| Tactics | Impact |
| Required Connectors | Syslog, ThreatIntelligence, ThreatIntelligenceTaxii, MicrosoftDefenderThreatIntelligence |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| Syslog | ✓ | ✓ | ? |
| ThreatIntelligenceIndicator | ✓ | ✓ | ? |