Beyond your internal software management systems, you may not have visibility into your entire footprint of SolarWinds installations. This query helps discover any systems on which SolarWinds processes are running.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Legacy IOC based Threat Protection |
| ID | 278592b5-612b-48a4-bb38-4c01ff8ee2a5 |
| Tactics | Execution |
| Techniques | T1072 |
| Required Connectors | SecurityEvents, MicrosoftThreatProtection, WindowsSecurityEvents, WindowsForwardedEvents |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| DeviceProcessEvents | | ✓ | ✗ | ? |
| Event | Source == "Microsoft-Windows-Sysmon" | ✓ | ✓ | ? |
| SecurityEvent | | ✓ | ✓ | ? |
| WindowsEvent | EventID in "1,4688" | ✓ | ✓ | ? |