Beaconing traffic based on common user agents visiting limited number of domains (ASIM Web Session)

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This query searches web proxy logs for a specific type of beaconing behavior by caparing with a known request pattern.

Attribute	Value
Type	Hunting Query
Solution	Web Session Essentials
ID	8ece8108-7bf7-4571-8f32-ebfd92a6b1ad
Tactics	CommandAndControl
Techniques	T1071.001, T1571
Source	View on GitHub

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries · Back to Web Session Essentials