Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Visualises the top 10 users with click attempts on URLs in emails detected as phishing, helping analysts identify risky user behaviour and potential targets. Based on Defender for Office 365 workbook: https://techcommunity.microsoft.com/blog/microsoftdefenderforoffice365blog/part-2-build-custom-email-security-reports-and-dashboards-with-workbooks-in-micr/4411303
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Microsoft Defender XDR |
| ID | a937905e-ee5c-406c-ab86-8e2581240112 |
| Tactics | InitialAccess |
| Techniques | T1566 |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
UrlClickEvents |
ThreatTypes == "Phish" |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊