Query for links opened from mail apps where a detection occurred shortly afterwards. Because many links are opened from mail, a successful hunt needs a filter or a join with another signal, such as suspicious processes or network connections. In this example, we therefore query for alerts that might be related to links sent via email. This could be indicative of phishing or spear-phishing attacks. Tags: #EmailLink, #Phishing, #GetNearbyAlerts. Explaining the underlying
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 67be3fdd-6942-45f8-8663-d825b61d1ab9 |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| AlertInfo | | ✓ | ✗ | ? |
| DeviceEvents | ActionType == "BrowserLaunchedToOpenUrl" | ✓ | ✗ | ? |