URI requests from single client

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This finds connections to server files requested by only one client. Effective when actor uses static operational IP addresses. Threshold can be modified. Larger execution window increases reliability of results.

Attribute	Value
Type	Hunting Query
Solution	Standalone Content
ID	a787a819-40df-4c9f-a5ae-850d5a2a0cf6
Severity	Low
Tactics	InitialAccess
Techniques	T1190
Required Connectors	AzureMonitor(IIS)
Source	[View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/W3CIISLog/RareClientFileAccess.yaml)

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Hunting Queries