Skip to content

Commit

Permalink
initial upload
Browse files Browse the repository at this point in the history
  • Loading branch information
@nterl0k
nterl0k authored Jan 8, 2025
1 parent 7afa788 commit 4ca537c
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
3 changes: 3 additions & 0 deletions ...ets/attack_techniques/T1213.002/o365_sus_sharepoint_search/o365_sus_sharepoint_search.log
View file
Git LFS file not shown
12 changes: 12 additions & 0 deletions ...ets/attack_techniques/T1213.002/o365_sus_sharepoint_search/o365_sus_sharepoint_search.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
author: Steven Dick
id: 722e396e-9e74-4516-882d-0fc94f5d2b33
date: '2024-12-19'
description: 'Sample of events when Sharepoint is searched for a sensitive term / or high rate of searching.'
environment: attack_range
dataset:
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1213.002/o365_sus_sharepoint_search/o365_sus_sharepoint_search.log
sourcetypes:
- o365:management:activity
references:
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
- https://attack.mitre.org/techniques/T1213/002/

0 comments on commit 4ca537c

Please sign in to comment.