This KQL query identifies network-based indicators from CYFIRMA intelligence that are associated with the role 'TOR'. These indicators may include IP addresses, domains, and URLs related to Tor network activity. Threat actors often use Tor for anonymous communication, command and control, data exfiltration, and evasion of network defenses.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Cyfirma Cyber Intelligence |
| ID | 6f107cf8-02f9-4440-b5d8-1235293e5ad7 |
| Severity | High |
| Kind | Scheduled |
| Tactics | CommandAndControl, Exfiltration, InitialAccess, Persistence, Reconnaissance |
| Techniques | T1090, T1572, T1048, T1071, T1189, T1505, T1595, T1090.003, T1048.002, T1071.001, T1505.003, T1595.002 |
| Required Connectors | CyfirmaCyberIntelligenceDC |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| CyfirmaIndicators_CL | ? | ✓ | ? |