Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
One of the challenges in making an AppLocker policy is knowing where applications launch from. This query normalizes process launch paths through aliasing, then counts the number of processes launched from that path, how many distinct machines it was launched on, and how many distinct file names \ hashes these processes had. The path is broken into subfolders to help simplify analysis.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 7ae72c80-c114-43cd-bd99-46dab7c13338 |
| Required Connectors | MicrosoftThreatProtection |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/General%20queries/AppLocker%20Policy%20Design%20Assistant.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊