Web shell file alert enrichment

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

Extracts MDATP Alert for a web shell being placed on the server and then enriches this event with information from W3CIISLog to idnetigy the Attacker that placed the shell

Attribute	Value
Type	Hunting Query
Solution	Standalone Content
ID	d0a3cb7b-375e-402d-9827-adafe0ce386d
Tactics	PrivilegeEscalation, Persistence
Required Connectors	MicrosoftDefenderAdvancedThreatProtection, AzureMonitor(IIS)
Source	[View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/SecurityAlert/WebShellFileAlertEnrich.yaml)

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Hunting Queries