Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This query will detect paths suspicious associated with ProxyLogon exploitation, it will then calculate the percentage of suspicious URIs the user had visited in relation to the total number of URIs the user has visited. This query will assist in the detection of automated ProxyLogon exploitation.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 3122423d-6c33-43c8-bc10-6d27b4350176 |
| Tactics | InitialAccess |
| Techniques | T1190 |
| Required Connectors | AzureMonitor(IIS) |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/W3CIISLog/ExchangeServerSuspiciousURIsVisited.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊