This repository was archived by the owner on Nov 16, 2023. It is now read-only.

Commit 73d9a2f

Update cobalt-strike.md
"Can you please change to the AlertInfo table in MTP? The DeviceAlertEvents table is the MDATP one and is going to be deprecated."
1 parent 7bf1887 commit 73d9a2f

1 file changed

+1
-1
lines changed

Credential Access/cobalt-strike.md

Lines changed: 1 addition & 1 deletion
@@ -17,7 +17,7 @@ The following query identifies accounts that have logged on to compromised endpo
1717

1818
```Kusto
1919
// Check for specific alerts
20-
DeviceAlertEvents
20+
AlertInfo
2121
// Attempts to clear security event logs.
2222
| where Title in("Event log was cleared",
2323
// List alerts flagging attempts to delete backup files.
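
Review bot: The table swap on line 20 needs a matching check of the stages that follow `| where Title in(...`, which are outside the visible context. AlertInfo keeps Title, so this filter still works, but unlike DeviceAlertEvents it has no DeviceId or DeviceName column. The hunk header says the query identifies accounts that have logged on to compromised endpoints, so the later stages have to reach the endpoint through a join to AlertEvidence on AlertId before correlating with logon data. Please confirm the rest of the query does that, or extend this change to cover it; otherwise the query will fail on an unresolved column.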
