Skip to content

Latest commit

 

History

History
42 lines (33 loc) · 1.22 KB

DetectionTemplate.md

File metadata and controls

42 lines (33 loc) · 1.22 KB

Detection Title

Query Information

MITRE ATT&CK Technique(s)

Technique ID Title Link
T1134.002 Access Token Manipulation: Create Process with Token Access Token Manipulation: Create Process with Token

Description

Description of the detection rule.

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Risk

Explain what risk this detection tries to cover

Author

  • Name:
  • Github:
  • Twitter:
  • LinkedIn:
  • Website:

References

Defender For Endpoint

// Paste your query here
DeviceProcessEvents
| where FileName == "Example.File"

Sentinel

// Paste your query here
DeviceProcessEvents
| where FileName == "Example.File"