DetectTorRelayConnectivity

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This advanced hunting query detects processes communicating with known Tor relay IP addresses. The public URL in the query is updated daily at 12PM and 12AM UTC. CSV source is the Tor Project API, obtained with: https://github.com/Dylan-J/Tor-Project-Statistics

Attribute	Value
Type	Hunting Query
Solution	GitHub Only
ID	26be4a5f-7e6f-4c2e-967d-467bddcbb51a
Tactics	Discovery, Command and control
Required Connectors	MicrosoftThreatProtection
Source	[View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Discovery/DetectTorRelayConnectivity.yaml)

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Hunting Queries