Recon Activity with Interactive Logon Correlation

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Content Index

This query looks at correlating different reconnaissance alerts with interactive logon logs to help analysts investigate initial possible compromise activity

Attribute Value
Type Hunting Query
Solution GitHub Only
ID 346d36c9-2e79-4d8f-8c14-1eef73d38737
Tactics InitialAccess, Impact
Techniques T1190, T1078
Required Connectors AzureSecurityCenter, SecurityEvents, WindowsSecurityEvents, WindowsForwardedEvents
Source [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/MultipleDataSources/ReconActivitywithInteractiveLogonCorrelation.yaml)

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Hunting Queries