DetectTorRelayConnectivity

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This advanced hunting query detects processes communicating with known Tor relay IP addresses. The public URL in the query is updated daily at 12PM and 12AM UTC. CSV source is the Tor Project API, obtained with: https://github.com/Dylan-J/Tor-Project-Statistics

Attribute	Value
Type	Hunting Query
Solution	GitHub Only
ID	26be4a5f-7e6f-4c2e-967d-467bddcbb51a
Tactics	Discovery, Command and control
Required Connectors	MicrosoftThreatProtection
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
DeviceInfo	✓	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries