Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Search for the files that are using a compromised certificate associated with the Lapsus$ group. You can remove the comments to: 1. get the list of devices where there is at least one file signed with the certificate 2. get the list of files signed with the certificate 3. get the list of files signed with the certificate group by Devices
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | fa2db236-b846-45b7-b161-00da96717051 |
| Tactics | Privilege escalation, Vulnerability |
| Required Connectors | MicrosoftThreatProtection |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Campaigns/compromised%20nvidia%20certificates%5BLapsus%24%5D.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊