User navigation to redirected URL

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This query identifies when a user clicks a link that opens a browser to navigate to a URL which uses redirection. It then filters out any redirections to URLs in the same DNS namespace as the originating URL. Redirection identification is done based on URL query parameters outlined in the following article: https://www.bleepingcomputer.com/news/security/snapchat-amex-sites-abused-in-microsoft-365-phishing-attacks/

Attribute	Value
Type	Hunting Query
Solution	GitHub Only
ID	daf19704-a996-4df7-9a0b-3efac47fea5a
Tactics	InitialAccess
Techniques	T1566.002
Required Connectors	MicrosoftThreatProtection
Source	[View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Initial%20access/User%20navigation%20to%20redirected%20URL.yaml)

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Hunting Queries