Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Adversaries may disable security tools to avoid possible detection of their tools and activities. DarkComet, for example, can disable Security Center functions like anti-virus. The query below generates an output of all users performing a "delete" operation regarding a security policy where one or more features of the activity deviate from the user, his peers, or the tenant profile.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | UEBA Essentials |
| ID | fcb704ae-ac17-400a-9ed9-3c46bd0a3960 |
| Tactics | DefenseEvasion |
| Techniques | T1562 |
| Required Connectors | BehaviorAnalytics |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
BehaviorAnalytics |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊