MDE/MDI/MDO365 advanced hunt queries to ELK - Threat hunting with hints of incident response
Tags
| attack-pattern: | Data Python - T1059.006 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 453dce17-49cf-4aa1-80dd-182fb220144e |
| Fingerprint | f339a9176fb2925a |
| Analysis status | IN_PROGRESS |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 28, 2022, 6:56 p.m. |
| Added to db | Nov. 8, 2023, 11:57 p.m. |
| Last updated | Dec. 23, 2024, 5:07 p.m. |
| Headline | MDE/MDI/MDO365 advanced hunt queries to ELK |
| Title | MDE/MDI/MDO365 advanced hunt queries to ELK - Threat hunting with hints of incident response |
| Detected Hints/Tags/Attributes | 22/1/11 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 252 | ✔ | | Threat hunting with hints of incident response | https://threathunt.blog/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4703 | github.com |
|
| Details | Domain | 1 | api.security.microsoft.com |
|
| Details | Domain | 8 | response.read |
|
| Details | Domain | 3 | threathunt.blog |
|
| Details | File | 49 | request.url |
|
| Details | File | 1 | mde_to_elk.py |
|
| Details | Github username | 52 | microsoft |
|
| Details | Github username | 3 | jounimi |
|
| Details | Url | 1 | https://github.com/microsoft/microsoft-365-defender-hunting-queries/blob/master/notebooks/m365d |
|
| Details | Url | 1 | https://api.security.microsoft.com/api/advancedhunting/run |
|
| Details | Url | 1 | https://github.com/jounimi/threathunt.blog/blob/main/mde_to_elk.py |