This query finds matches in Security Event data for known FileName Indicators of Compromise from Threat Intelligence sources. FileName matches may produce false positives, so use this for hunting rather than real-time detection.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Threat Intelligence |
| ID | 233441b9-cc92-4c9b-87fa-73b855fcd4b8 |
| Tactics | Impact |
| Required Connectors | SecurityEvents, ThreatIntelligence, ThreatIntelligenceTaxii, MicrosoftDefenderThreatIntelligence |
| Source | View on GitHub |
This content item queries data from the following tables:

| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| SecurityEvent | EventID in "4648,4673,4688,8002" | ✓ | ✓ | ? |
| ThreatIntelligenceIndicator | | ✓ | ✓ | ? |