Detect SMB File Copies
Description Adversaries can use SMB to upload files to remote shares or to interact with files on those shares. A
Description This KQL query detects when multiple sensitive group additions have been initiated from the command-line within a certain timeframe.
Description Adversaries may use executable files to gain initial access. A tactic that is used is to send executable files,
Description Attackers install web shells on servers by taking advantage of security gaps, typically vulnerabilities in web applications, in internet-facing
Description Adversaries can use older Kerberos encryption algorithms which are vulnerable to brute-force attacks to crack passwords. This query
Description Adversaries may create local accounts to perform malicious activities. Those accounts can then be used to log on to the
Description Adversaries may use macro-enabled files to gain access to the network. If the macros are not enabled the
Description This KQL query searches for unwanted or malicious applications detected by Fortinet. Query Microsoft Sentinel References
Description This KQL query looks for malicious DNS names detected by Fortinet based on Sentinel Threat Intelligence indicators. Risk Explain