Malware authors will sometimes hardcode user agent string values when writing the network communication component of their malware. Malformed user agents can be an indication of such malware.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | a357535e-f722-4afe-b375-cff362b2b376 |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | InitialAccess, CommandAndControl, Execution |
| Techniques | T1189, T1071, T1203 |
| Required Connectors | WAF, Office365, AzureActiveDirectory, AzureActiveDirectory, AWS, AzureMonitor(IIS) |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| AADNonInteractiveUserSignInLogs | ✓ | ✗ | ? |
| AWSCloudTrail | ✓ | ✓ | ? |
| AzureDiagnostics 🔶 | ? | ✗ | ? |
| OfficeActivity | ✓ | ✗ | ? |
| SigninLogs | ✓ | ✗ | ? |
| W3CIISLog | ✓ | ✗ | ? |
The following connectors provide data for this content item:
| Connector | Solution |
|---|---|
| AWS | Amazon Web Services |
| AzureActiveDirectory | Microsoft Entra ID |
| ESI-Opt5ExchangeIISLogs | Microsoft Exchange Security - Exchange On-Premises |
Solutions: Amazon Web Services, Microsoft Entra ID, Microsoft Exchange Security - Exchange On-Premises