Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
'This composite hunting query will highlight any HTTP traffic in CommonSecurityLog web proxies (such as ZScaler) that match known patterns used by red teaming tools potentially stolen from FireEye. Most FireEye red teaming tools are designed to mimic legitimate API activity, false positives are common. This query includes a basic check to determine how common a hostname is in you environment, and allows you to modify this threshold to remove legitimate traffic from the query results. This query
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | e3b8ca4a-2bab-4246-860c-fc3bb8e7ac50 |
| Tactics | CommandAndControl |
| Techniques | T1071.001 |
| Required Connectors | Zscaler |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/MultipleDataSources/FireEyeRedTeamComms.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊