Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
The adversary may be trying to move through the environment. APT29 and APT32, for example, have used PtH and PtT techniques to lateral move around the network. The query below generates an output of all users performing resource access (4624:3) to devices for the first time.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | UEBA Essentials |
| ID | 782f3bad-31f7-468f-8f58-3b74fc931914 |
| Tactics | LateralMovement |
| Techniques | T1550 |
| Required Connectors | BehaviorAnalytics |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
BehaviorAnalytics |
ActivityInsights has "True"ActivityType == "LogOn" |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊