Zeek and Defender Endpoint - SANS Internet Storm Center
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Phishing - T1660 Phishing - T1566 |
Common Information
| Type | Value |
|---|---|
| UUID | 9cde77d6-60e2-4698-b29c-b7924b48eef3 |
| Fingerprint | 1b5baf530dbfd21b |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Aug. 2, 2023, midnight |
| Added to db | Aug. 2, 2023, 3:31 a.m. |
| Last updated | Nov. 6, 2024, 11:07 a.m. |
| Headline | Internet Storm Center |
| Title | Zeek and Defender Endpoint - SANS Internet Storm Center |
| Detected Hints/Tags/Attributes | 10/2/6 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://isc.sans.edu/diary/rss/30088 |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 142 | ✔ | SANS Internet Storm Center, InfoCON: green | https://isc.sans.edu/rssfeed_full.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 12 | download.windowsupdate.com |
|
| Details | Github username | 1 | mitchellkrogza |
|
| Details | IPv4 | 79 | 1.2.3.4 |
|
| Details | Url | 1 | https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list |
|
| Details | Url | 1 | https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/enrich-your-advanced-hunting-experience-using-network-layer/ba-p/3794693 |
|
| Details | Url | 1 | https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/hunting-for-network-signatures-in-microsoft-defender-for/ba-p/3429520 |