diff --git a/Exploits/SolarWinds -CVE-2021-35211 b/Exploits/SolarWinds -CVE-2021-35211
new file mode 100644
index 00000000..cf2dd666
--- /dev/null
+++ b/Exploits/SolarWinds -CVE-2021-35211
@@ -0,0 +1,8 @@
+//Check for network connections with SolarWInds IP's based on DeviceNetworkEvents
+let IPs = pack_array("98.176.196.89", "68.235.178.32",
+"208.113.35.58","144.34.179.162","97.77.97.58");
+DeviceNetworkEvents
+| where RemotePort == 443
+| where Protocol == "Tcp" and ActionType == "ConnectionSuccess"
+| where Timestamp > ago(7d)
+| where RemoteIP in(IPs)
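Review bot: The indicator list in `let IPs = pack_array(...)` has no provenance or collection date, and the `RemotePort == 443` / `ActionType == "ConnectionSuccess"` filters narrow the hunt so that blocked, failed or non-443 attempts to the same infrastructure never surface. Hard-coded network indicators go stale, so the header comment should name where they came from and when, e.g. `// Indicators from <advisory or report URL>, retrieved <YYYY-MM-DD>; re-validate before reuse` (placeholders to be filled by the author), and while touching it fix the typo `SolarWInds` → `SolarWinds`. For the logic, drop the port filter and widen the action filter to `| where Protocol == "Tcp" and ActionType in ("ConnectionSuccess", "ConnectionFailed", "ConnectionRequest")`, since a failed or merely attempted connection to known attacker infrastructure is still a signal worth triaging. A trailing `| project Timestamp, DeviceName, InitiatingProcessFileName, InitiatingProcessCommandLine, RemoteIP, RemotePort, ActionType` would make the results directly actionable for an analyst, and giving the file a `.kql` extension (and no space in the name) would let tooling recognise the query.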