Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Utilizes a list of commonly abused LOLB an attacker or malware would execute in quick succession. The presence of multiple executions of the programs within the list can be indicative of an infection or malicious activity occurring on a victim host.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Cyborg Security HUNTER |
| ID | 6d1c9f13-e43e-4b52-a443-5799465d573b |
| Tactics | Discovery |
| Techniques | T1016 |
| Required Connectors | SecurityEvent |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
SecurityEvent |
✓ | ✓ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊