Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
The hunting query looks for suspicious files accessed on a IIS server that might indicate exfiltration hosting. This technique has been observed when exporting mailbox files from OWA servers.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Standalone Content |
| ID | a523786c-8382-4029-80e9-f1a7ecd067c1 |
| Severity | Low |
| Tactics | Exfiltration |
| Techniques | T1567 |
| Required Connectors | AzureMonitor(IIS) |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/W3CIISLog/SuspectedMailBoxExportHostonOWA.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊