This detection looks for connections to a domain from which only a single file is requested. That is unusual, because most contemporary web applications require additional resources. Such activity is often associated with malware beaconing or with tracking URLs delivered via email. The query includes a sample set of popular web script extensions (`scriptExtensions`), which should be customized to match your environment.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Web Session Essentials |
| ID | c99cf650-c53b-4c4c-9671-7d7500191a10 |
| Severity | Low |
| Status | Available |
| Kind | Scheduled |
| Tactics | CommandAndControl |
| Techniques | T1102, T1071 |
| Source | View on GitHub |
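
The single-file pattern described above, as an added KQL example that is not the rule's own query: it runs on a constructed inline `datatable`, so the table name, column names, sample rows and extension list are all assumptions. Grouping per source address and domain, and using `scriptExtensions` to flag rather than filter the result, are also assumptions about how such a check could be built.

```kql
// Added example: constructed rows and illustrative column names, not the rule's query.
let scriptExtensions = dynamic([".php", ".asp", ".aspx", ".jsp", ".js"]); // sample list, tune it
let WebLog = datatable(TimeGenerated: datetime, SrcIpAddr: string, Url: string)
[
    // Ordinary page load: several resources from one domain
    datetime(2024-05-01 09:00:00), "10.0.0.5", "https://intranet.example.com/index.html",
    datetime(2024-05-01 09:00:01), "10.0.0.5", "https://intranet.example.com/static/app.js",
    datetime(2024-05-01 09:00:01), "10.0.0.5", "https://intranet.example.com/static/site.css",
    // The same single file requested repeatedly at a fixed interval
    datetime(2024-05-01 09:05:00), "10.0.0.7", "http://updates.example.net/check.php?id=1",
    datetime(2024-05-01 09:10:00), "10.0.0.7", "http://updates.example.net/check.php?id=2",
    datetime(2024-05-01 09:15:00), "10.0.0.7", "http://updates.example.net/check.php?id=3",
    // A single image fetched once, as a link in an email would do
    datetime(2024-05-01 09:20:00), "10.0.0.9", "https://mail.example.org/open/t.gif"
];
WebLog
| extend Parsed = parse_url(Url)
// Compare on the path only, so changing query strings still count as one file
| extend Domain = tolower(tostring(Parsed.Host)), FilePath = tostring(Parsed.Path)
| summarize Requests = count(),
            DistinctFiles = dcount(FilePath),
            Files = make_set(FilePath, 5),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by SrcIpAddr, Domain
// Keep only client/domain pairs where exactly one file was ever requested
| where DistinctFiles == 1
| extend File = tostring(Files[0])
| extend Extension = tolower(extract(@"(\.[A-Za-z0-9]+)$", 1, File))
// Flag whether the single file is a server-side or client-side script
| extend IsScript = Extension in (scriptExtensions)
| project SrcIpAddr, Domain, File, Extension, IsScript, Requests, FirstSeen, LastSeen
| order by Requests desc
```

Against real telemetry, widen the lookback enough that a normal page load has time to pull its other resources, otherwise short windows produce single-file results for ordinary sites.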