Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This query will detect paths suspicious associated with ProxyLogon exploitation, it will then calculate the percentage of suspicious URIs the user had visited in relation to the total number of URIs the user has visited. This query will assist in the detection of automated ProxyLogon exploitation.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 3122423d-6c33-43c8-bc10-6d27b4350176 |
| Tactics | InitialAccess |
| Techniques | T1190 |
| Required Connectors | AzureMonitor(IIS) |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
W3CIISLog |
✓ | ✗ | ? |
The following connectors provide data for this content item:
| Connector | Solution |
|---|---|
| ESI-Opt5ExchangeIISLogs | Microsoft Exchange Security - Exchange On-Premises |
Solutions: Microsoft Exchange Security - Exchange On-Premises
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊