Update BariumIPIOC.yaml
This commit is contained in:
aprakash13
GitHub
Родитель
2a371c7bba
Коммит
8f016bb857
|
|
@ -2,7 +2,7 @@ id: 6ee72a9e-2e54-459c-bc9a-9c09a6502a63
|
|||
name: Known Barium IP
|
||||
description: |
|
||||
'Identifies a match across various data feeds for IP IOCs related to the Barium activity group.
|
||||
References: https://www.justice.gov/opa/pr/seven-international-cyber-defendants-including-apt41-actors-charged-connection-computer'
|
||||
References: https://www.justice.gov/opa/pr/seven-international-cyber-defendants-including-apt41-actors-charged-connection-computer'
|
||||
severity: High
|
||||
requiredDataConnectors:
|
||||
- connectorId: Office365
|
||||
|
|
@ -138,4 +138,4 @@ query: |
|
|||
| where RemoteIP in (IPList)
|
||||
| extend timestamp = TimeGenerated, IPCustomEntity = RemoteIP, HostCustomEntity = DeviceName
|
||||
)
|
||||
)
|
||||
)
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче