Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Look for successful logons from known VPS provider network ranges with suspicious token-based logon patterns. This is not an exhaustive list of VPS provider ranges, but it covers some of the most prevalent providers observed.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | SecurityThreatEssentialSolution |
| ID | f347ff55-6443-46b6-9abb-4f8f9b3209f8 |
| Tactics | InitialAccess |
| Techniques | T1078 |
| Required Connectors | AzureActiveDirectory |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
SigninLogs |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
↑ Back to Hunting Queries · Back to SecurityThreatEssentialSolution