This query finds matches in OfficeActivity Event data for known FileName Indicators of Compromise from Threat Intelligence sources. FileName matches may produce false positives, so use this for hunting rather than real-time detection.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Threat Intelligence (NEW) |
| ID | bbdb951c-9aba-4d66-85df-f564a1f86881 |
| Tactics | Impact |
| Required Connectors | Office365, ThreatIntelligence, ThreatIntelligenceTaxii, MicrosoftDefenderThreatIntelligence |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| OfficeActivity | ✓ | ✗ | ? |
| ThreatIntelIndicators | ✓ | ✓ | ? |