Detect Modification to System Files or Directories by User Accounts


This hunting query searches for modifications to system files or directories made by a non-system account (a user account).

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Malware Protection Essentials |
| ID | 54b222c4-0149-421e-9d6d-da66da50495a |
| Tactics | DefenseEvasion, Persistence, PrivilegeEscalation |
| Techniques | T1036, T1543 |
| Required Connectors | CrowdStrikeFalconEndpointProtection, MicrosoftThreatProtection, SentinelOne, VMwareCarbonBlack, CiscoSecureEndpoint, TrendMicroApexOne, TrendMicroApexOneAma |
| Source | View on GitHub |
