Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Visualises click attempts on malicious URLs, grouped by workload (such as Exchange, Teams, SharePoint, Copilot etc.), to help analysts understand which workloads are most targeted. Based on Defender for Office 365 workbook: https://techcommunity.microsoft.com/blog/microsoftdefenderforoffice365blog/part-2-build-custom-email-security-reports-and-dashboards-with-workbooks-in-micr/4411303
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Microsoft Defender XDR |
| ID | c2b4ef3a-216d-4506-8b35-6a1b0f2a3bf7 |
| Tactics | InitialAccess |
| Techniques | T1566 |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
⚠️ Not listed in Solution JSON: This content item was discovered by scanning the solution folder but is not included in the official Solution JSON file. It may be a legacy item, under development, or excluded from the official solution package.
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
UrlClickEvents |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊