This query detects execution of files whose name is a single character (e.g. a.exe, 7.ps1, g.vbs). Executed files normally have longer names, so a one-character name can indicate a malicious file.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Endpoint Threat Protection Essentials |
| ID | 299472c4-8382-4c5b-82d9-718cda193393 |
| Tactics | Execution |
| Techniques | T1059 |
| Required Connectors | SecurityEvents, WindowsSecurityEvents |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| Event | EventID == "1" and EventLog == "Microsoft-Windows-Sysmon/Operational" | ✓ | ✓ | ? |