This query uses Microsoft Defender for Endpoint data to look for IoCs associated with the SUNSPOT malware shared by CrowdStrike.

More details:

- https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/
- https://techcommunity.microsoft.com/blog/microsoftsentinelblog/monitoring-the-software-supply-chain-with-azure-sentinel/2176463/
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Microsoft Defender XDR |
| ID | 53e936c6-6c30-4d12-8343-b8a0456e8429 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Persistence |
| Techniques | T1554 |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:

| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| DeviceEvents | ✓ | ✗ | ? |
| DeviceImageLoadEvents | ✓ | ✗ | ? |
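The page names the rule and the two Defender for Endpoint tables it reads, but does not reproduce the rule's KQL. The query below is an added illustration of the shape such an IoC-matching rule takes over `DeviceEvents` and `DeviceImageLoadEvents`; it is not the rule's own code from the Microsoft Sentinel repository. The hash and file-name values are placeholders to be replaced with the SUNSPOT indicators published in the CrowdStrike analysis linked above; the 1-day lookback is an assumption and should match the rule's scheduling window.

```kql
// Added illustrative query, not the analytic rule's own KQL.
// The two indicator lists are PLACEHOLDERS: fill them from the CrowdStrike
// SUNSPOT report before use.
let lookback = 1d;  // assumed; align with the rule's query period
let iocSha256 = dynamic(["<sunspot_sha256_placeholder>"]);
let iocFileNames = dynamic(["<sunspot_filename_placeholder>"]);
// Image loads: the implant DLL/EXE being mapped into a process.
let imageLoads = DeviceImageLoadEvents
    | where Timestamp > ago(lookback)
    | where SHA256 in~ (iocSha256) or FileName in~ (iocFileNames)
    | extend Source = "DeviceImageLoadEvents";
// Generic device events: match both the file the event is about and the
// process that raised it, so activity originating from the implant is caught too.
let events = DeviceEvents
    | where Timestamp > ago(lookback)
    | where SHA256 in~ (iocSha256) or FileName in~ (iocFileNames)
        or InitiatingProcessSHA256 in~ (iocSha256)
        or InitiatingProcessFileName in~ (iocFileNames)
    | extend Source = "DeviceEvents";
union imageLoads, events
| project Timestamp, Source, DeviceName, ActionType, FileName, FolderPath, SHA256,
          InitiatingProcessFileName, InitiatingProcessSHA256
| sort by Timestamp desc
```

Matching on the initiating process as well as the event's own file matters for this malware: once the implant is resident, the interesting telemetry is what it does to the build host, and those rows carry the IoC in the `InitiatingProcess*` columns rather than in `FileName`/`SHA256`. Scope the rule with an allow-list of known build servers before lowering the severity threshold, and keep the lookback at least as long as the rule's run frequency so no window is skipped.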