Adversaries may steal the credentials of a specific user or service account using credential access techniques, or capture credentials earlier in their reconnaissance process through social engineering, as a means of gaining initial access. APT33, for example, has used valid accounts for initial access. This query surfaces successful sign-ins by a user from a geolocation from which neither that user nor any of the user's peers has connected before, using the first-time and peer-comparison enrichments that UEBA writes to the BehaviorAnalytics table.
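The following KQL is an added example, not the solution's own query, showing how the detection described above is built: UEBA's per-event enrichments in BehaviorAnalytics are filtered on the two insight flags, then joined back to the originating Microsoft Entra ID sign-in record to keep only successful authentications. It assumes the documented BehaviorAnalytics and SigninLogs schemas (ActivityInsights flags, SourceRecordId mapping to the source record's _ItemId, and ResultType "0" meaning success); the 7-day lookback and the projected columns are choices made here for illustration.

```kql
// Added example, not the UEBA Essentials hunting query itself.
// Assumes: BehaviorAnalytics.SourceRecordId == SigninLogs._ItemId for sign-in events,
//          ActivityInsights carries the documented UEBA boolean enrichments,
//          SigninLogs.ResultType == "0" denotes a successful sign-in.
let lookback = 7d;   // illustrative window; tune to the hunt's scope
BehaviorAnalytics
| where TimeGenerated > ago(lookback)
| where ActionType == "Sign-in"
// Country never seen for this user ...
| where tobool(ActivityInsights.FirstTimeUserConnectedFromCountry) == true
// ... and not a country the user's peer group normally connects from either
| where tobool(ActivityInsights.CountryUncommonlyConnectedFromAmongPeers) == true
| join kind=inner (
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"   // keep successful authentications only
    | project _ItemId, AppDisplayName, ClientAppUsed, IPAddress, Location, ConditionalAccessStatus
) on $left.SourceRecordId == $right._ItemId
| project TimeGenerated, UserPrincipalName, UserName,
          SourceIPAddress, SourceIPLocation,
          AppDisplayName, ClientAppUsed, ConditionalAccessStatus,
          InvestigationPriority, UsersInsights, DevicesInsights, ActivityInsights
| order by InvestigationPriority desc, TimeGenerated desc
```

When triaging the results, read the rest of ActivityInsights and UsersInsights before escalating: a first-time country is expected for legitimate travel and for users behind a VPN or cloud proxy egress, so a hit that also shows an unfamiliar device, an uncommon application, or an elevated InvestigationPriority is a much stronger signal than the geolocation flags on their own.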
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | UEBA Essentials |
| ID | eeea7fb9-21cf-4023-91dc-3f55d7548d14 |
| Tactics | InitialAccess |
| Techniques | T1078 |
| Required Connectors | BehaviorAnalytics, AzureActiveDirectory |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| BehaviorAnalytics | ✓ | ✗ | ? |