Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This rule detects web requests made to URLs containing file types such as .ps1, .bat, .vbs,.scr etc. which have the potential to be harmful if downloaded. This rule uses the Advanced Security Information Model (ASIM) and supports any web session source that complies with ASIM.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Web Session Essentials |
| ID | c6608467-3678-45fe-b038-b590ce6d00fb |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | InitialAccess, Persistence, Execution |
| Techniques | T1133, T1203, T1566 |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
Watchlist |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊