Tracks members of userData.consoleGroupMembers over time. Additions indicate new admin access; removals indicate revoked access. Both warrant review - additions are an account-creation signal, removals can be a sign of attacker cleanup.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | UniFi Site Manager (CCF) |
| ID | 8e22eb19-51df-37f7-468f-9d112fff9098 |
| Kind | HuntingQuery |
| Tactics | Persistence |
| Techniques | T1098 |
| Required Connectors | UniFiSiteManagerConnectorDefinition |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| Unifi_SiteManager_Hosts_CL | ? | ✓ | ? |