Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
The adversary may be trying to move through the environment. APT29 and APT32, for example, have used PtH and PtT techniques to lateral move around the network. The query below generates an output of all users performing resource access (4624:3) to devices for the first time.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | UEBA Essentials |
| ID | 782f3bad-31f7-468f-8f58-3b74fc931914 |
| Tactics | LateralMovement |
| Techniques | T1550 |
| Required Connectors | BehaviorAnalytics |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
BehaviorAnalytics |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊