This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About ZAB3115
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About ZAB3115
03-27-2023
4Posts
1Like
0Solutions
Mar 27, 2023Last Visited
User
Activity
User
Profile
Latest posts by ZAB3115
| Subject | Views | Posted |
|---|---|---|
| 753157 | 03-27-2023 02:07 PM | |
| 753362 | 03-27-2023 01:58 PM | |
| 4626 | 05-31-2022 10:22 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 05-31-2022 10:22 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 3 Likes |
User Badges
Community Statistics
| Member Since | 04-23-2021 09:15 AM |
| Date Last Visited | 03-27-2023 07:29 PM |
| Posts | 4 |
| Total Likes Received | 1 |
03-27-2023
02:07 PM
wouldn't it be better to just exlude the alerts instead of disabling analytics ?
... View more
05-31-2022
10:22 AM
1 Kudo
The following queries can be executed for hunting successful exploitation: // msdt.exe execution with suspicious argument config case_sensitive = false timeframe = 30d | dataset = xdr_data | filter event_type = ENUM.PROCESS and action_process_image_command_line contains "msdt.exe" and action_process_image_command_line contains "it_browseforfile" | fields agent_hostname , action_process_image_command_line , action_process_image_path , actor_process_command_line , actor_process_image_path , causality_actor_process_image_path // office processes spawning msdt.exe config case_sensitive = false timeframe = 30d | dataset = xdr_data | filter event_type = ENUM.PROCESS and action_process_image_command_line contains "msdt.exe" and actor_process_image_name in ("winword.exe", "powerpnt.exe", "excel.exe", "msaccess.exe","visio.exe","onenote.exe") | fields agent_hostname , action_process_image_command_line , action_process_image_path , actor_process_command_line , actor_process_image_path , causality_actor_process_image_path
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-27-2023
07:29 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks