Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Search for the files that are using a compromised certificate associated with the Lapsus$ group. You can remove the comments to: 1. get the list of devices where there is at least one file signed with the certificate 2. get the list of files signed with the certificate 3. get the list of files signed with the certificate group by Devices
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | fa2db236-b846-45b7-b161-00da96717051 |
| Tactics | Privilege escalation, Vulnerability |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
DeviceFileCertificateInfo |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊