Solution: Cyborg Security HUNTER
| Attribute | Value |
|---|---|
| Publisher | Cyborg Security |
| Support Tier | Partner |
| Support Link | https://hunter.cyborgsecurity.io/customer-support |
| Categories | domains |
| Version | 3.0.0 |
| Author | Mike Mitchell - mike@cyborgsecurity.com |
| First Published | 2023-07-03 |
| Last Updated | 2023-09-22 |
| Solution Folder | Cyborg Security HUNTER |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%) |
The Cyborg Security HUNTER solution for Microsoft Sentinel helps analysts configure the 'Open in Tool' button within the HUNTER platform, allowing the Microsoft Sentinel hunt packages to be deployed in the Microsoft Sentinel platform.
This solution provides 1 data connector(s):
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| SecurityEvent | Cyborg Security HUNTER Hunt Packages | Hunting |
This solution includes 10 content item(s):
| Content Type | Count |
|---|---|
| Hunting Queries | 10 |
| Name | Tactics | Tables Used |
|---|---|---|
| Attempted VBScript Stored in Non-Run CurrentVersion Registry Key Value | DefenseEvasion | SecurityEvent |
| Excessive Windows Discovery and Execution Processes - Potential Malware Installation | Discovery | SecurityEvent |
| LSASS Memory Dumping using WerFault.exe - Command Identification | CredentialAccess | SecurityEvent |
| Metasploit / Impacket PsExec Process Creation Activity | Execution | SecurityEvent |
| Potential Maldoc Execution Chain Observed | DefenseEvasion, Execution, InitialAccess | SecurityEvent |
| PowerShell Pastebin Download | CommandandControl | SecurityEvent |
| Powershell Encoded Command Execution | DefenseEvasion, Execution | SecurityEvent |
| Prohibited Applications Spawning cmd.exe or powershell.exe | CommandandControl | SecurityEvent |
| Proxy VBScript Execution via CurrentVersion Registry Key | DefenseEvasion, Execution | SecurityEvent |
| Rundll32 or cmd Executing Application from Explorer - Potential Malware Execution Chain | Execution | SecurityEvent |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 22-11-2023 | Initial Submission |