1 Case / 2 KQL’s
Case: UB4.C2.K1 – Use plugins on websites. KQL Query: Monitor device service tampering (UB2.C5 – Manage device services). Detect WordPress plugins from HTTP requests (UB4.C2.K1 – Use plugins on websites).
Case: UB2.C6 – Connect to charge stations. KQL Query: Detect screenshots taken on devices (UB3.C3.T1 – Data leakage of sensitive or critical information).
(UB3.C2.K1 – Sign-in attempts from anywhere) New Threat Detection: Monitoring Sign-In Attempts from Airport Networks. As cyber threats continue to evolve, it is crucial to enhance our security posture to…
Case: UB6.C5 – Authentication apps. KQL Query: UB6.C4.K1 – Users authenticate with SMS. UB5.C2.T2 – Plugins and add-ons added into software programs establishing connections or exchanging data to non-allowed countries.
Case: UB5.C3 – Software configurations. UB5.C3.K1 – Users can add exclusions. Protection: UB5.C3.K1.P1 – Monitor/restrict allowed exclusion actions. Threat: UB5.C3.K1.T1 – Users could add exceptions in antivirus, anti-malware or other threat monitoring…
Case: UB6.C3 – Generate tokens. UB6.C4.K1 – Users authenticate with SMS. Protection: UB6.C3.P1 – Use tokens with short lifespans or implement token rotation strategies. UB6.C3.P2 – Implement a process to detect and revoke compromised tokens as…
Case: UB1.C7 – Email delegate permissions. Protection: UB1.C7.P1 – Audit mailboxes. UB1.C7.P2 – Block/disable the permission delegation feature or require on-demand approval. Threat: UB1.C7.T1 – Unauthorised user access to restricted or sensitive information…
Case – UB1.C6 – Remove emails. Threat – UB1.C6.T1 – Loss of email non-repudiation evidence. KQL Queries – UB7.C1.K1.T1 – Data leakage. Known interaction – (Users) UB3.C2.K2 – Sign-in on non-owner devices. Threat – UB3.C2.K2.T1 –…