Validate your Windows Audit Policy Configuration with KQL
Tags
| attack-pattern: | Data Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | c5ddf697-4e6f-4bd2-a6de-0c5de5f02231 |
| Fingerprint | c89dca487cc31608 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 5, 2024, 9 a.m. |
| Added to db | Sept. 5, 2024, 9:03 a.m. |
| Last updated | Nov. 15, 2024, 10:43 a.m. |
| Headline | Validate your Windows Audit Policy Configuration with KQL |
| Title | Validate your Windows Audit Policy Configuration with KQL |
| Detected Hints/Tags/Attributes | 31/1/11 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 43 | ✔ | NVISO Labs | https://blog.nviso.eu/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | rodtrent.substack.com |
|
| Details | Domain | 207 | learn.microsoft.com |
|
| Details | Domain | 2 | studylib.net |
|
| Details | Domain | 101 | www.elastic.co |
|
| Details | File | 1 | left.key |
|
| Details | File | 1 | right.key |
|
| Details | File | 1 | decode_xml_wineventlog-processor.html |
|
| Details | Url | 1 | https://rodtrent.substack.com/p/microsoft-sentinel-updated-securityevent |
|
| Details | Url | 1 | https://learn.microsoft.com/en-us/kusto/query/join-operator?view=microsoft |
|
| Details | Url | 1 | https://studylib.net/doc/6843715/microsoft-windows-rt |
|
| Details | Url | 1 | https://www.elastic.co/guide/en/fleet/current/decode_xml_wineventlog-processor.html |