Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Look for successful logons from known VPS provider network ranges with suspicious token-based logon patterns. This is not an exhaustive list of VPS provider ranges, but it covers some of the most prevalent providers observed.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | SecurityThreatEssentialSolution |
| ID | f347ff55-6443-46b6-9abb-4f8f9b3209f8 |
| Tactics | InitialAccess |
| Techniques | T1078 |
| Required Connectors | AzureActiveDirectory |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
SigninLogs |
ResultType == "0" |
✓ | ✗ | ✓ |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
↑ Back to Hunting Queries · Back to SecurityThreatEssentialSolution