Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
'Adversaries may interrupt the availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: changed credentials) to remove access to them. LockerGoga, for example, has been observed changing account passwords and logging off current users. The query below generates an output of all users performing Reset User Password where one or more features of the activity deviate from the user, his peers, or
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | UEBA Essentials |
| ID | 22b0262c-b6b5-4f15-82a4-93663e9965d7 |
| Tactics | Impact |
| Techniques | T1531 |
| Required Connectors | BehaviorAnalytics, AzureActiveDirectory |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
BehaviorAnalytics |
ActivityInsights has "True" |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊