Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This query will dynamically identify Exchange servers using common web paths used by the application in the csUriStem. The query will then collect MDE alerts from the SecurityAlert table using the identified Exchange Server hostnames.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 84026aa0-7020-45d0-9f85-d526e43de2ab |
| Tactics | InitialAccess |
| Techniques | T1190 |
| Required Connectors | AzureMonitor(IIS), MicrosoftDefenderAdvancedThreatProtection |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/MultipleDataSources/ExchangeServersAssociatedSecurityAlerts.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊