Bert-JanP / Hunting-Queries-Detection-Rules

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
https://kqlquery.com
BSD 3-Clause "New" or "Revised" License

Create Impersonate Execution.md #4

Closed prashanthpulisetti closed 1 year ago

prashanthpulisetti commented 1 year ago

Impersonate Execution

Detects execution of the Impersonate tool, which can be used to manipulate tokens on Windows computers remotely (PsExec/WmiExec) or interactively.

Bert-JanP commented 1 year ago

The query sent contains syntax errors. They are located in the last line. Please fix them. Additionally, this query is hard to read, since the hashes do not make sense for external users. So please explain what is being filtered.
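As an added illustration of the readable, self-documenting style the reviewer asks for (this is not the query from the PR or the repository's own rule), a Defender for Endpoint hunting query for Impersonate execution where every filter is explained in a comment. It assumes the tool's binary is named Impersonate.exe and uses a placeholder instead of a real hash.

```kql
// Added example, not the PR's query. Assumptions: the binary is named Impersonate.exe;
// the hash below is a placeholder and must be replaced with documented values.
// Each hash the rule filters on should be listed here with a comment saying what it is.
let ToolHashes = dynamic([
    "<SHA256_OF_IMPERSONATE_BINARY_PLACEHOLDER>"   // e.g. "Impersonate.exe release build"
]);
DeviceProcessEvents
| where Timestamp > ago(30d)
// Match on the known binary hash ...
| where SHA256 in~ (ToolHashes)
// ... or on file name / command line, to still catch a renamed or rebuilt binary
    or FileName =~ "Impersonate.exe"
    or ProcessCommandLine has "Impersonate"
// Remote execution via PsExec or WMI (as described in the PR) surfaces under these parents
| extend RemoteExecution = InitiatingProcessFileName in~ ("PSEXESVC.exe", "WmiPrvSE.exe")
| project Timestamp, DeviceName, AccountName, FileName, SHA256,
          ProcessCommandLine, InitiatingProcessFileName, RemoteExecution
| sort by Timestamp desc
```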