Commit dace0d9

Merge pull request #965 from nterl0k/nterl0k-t1552-sus_o365_searches
Nterl0k - T1552 Suspect O365 searches
2 parents b702b13 + b7df315 commit dace0d9

2 files changed

+6
-3
lines changed

Lines changed: 2 additions & 2 deletions
@@ -1,3 +1,3 @@
11
version https://git-lfs.github.com/spec/v1
2-
oid sha256:c0edf045b5e5ed56ce67dd3ecd98c2fbfe7b346f8926318c76f268cf87890a1e
3-
size 29506
2+
oid sha256:1b55de42ceedaf4f7849337db406a7bfffeaa2d723f88b1f601e5e9278b97e4b
3+
size 42676
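Review bot: The LFS pointer in this hunk is swapped for a new object (size 29506 to 42676) with nothing visible alongside it that says what changed in the data, so a reviewer cannot tell what the additional bytes contain. Suggest stating in the commit message or the dataset yml what was added to the log (for example the SearchQueryInitiated events that the newly added reference points at) and confirming the capture was scrubbed of tenant-specific identifiers before upload.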

datasets/attack_techniques/T1213.002/o365_sus_sharepoint_search/o365_sus_sharepoint_search.yml

Lines changed: 4 additions & 1 deletion
@@ -8,5 +8,8 @@ dataset:
88
sourcetypes:
99
- o365:management:activity
1010
references:
11+
- https://learn.microsoft.com/en-us/purview/audit-get-started#step-3-enable-searchqueryinitiated-events
12+
- https://www.cisa.gov/sites/default/files/2025-01/microsoft-expanded-cloud-logs-implementation-playbook-508c.pdf
1113
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
12-
- https://attack.mitre.org/techniques/T1213/002/
14+
- https://attack.mitre.org/techniques/T1213/002/
15+
- https://attack.mitre.org/techniques/T1114/002/
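Review bot: The references list now cites T1213/002 and T1114/002, and the file lives under T1213.002, yet the merge title and branch name label the work T1552, and no T1552 link appears in the list. Either add the matching ATT&CK reference or correct the title so the technique mapping is consistent. Separately, old line 12 and new line 14 (`- https://attack.mitre.org/techniques/T1213/002/`) are textually identical, which suggests a whitespace or end-of-file newline change only; worth confirming the file ends with a newline after the T1114/002 entry.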
