KQL for 3CX Compromise

Afternoon, fellow blue teamers. I have some queries to detect IOCs from the recent 3CX compromise. I have a JSON file with an analytics rule you could import, as well as Defender advanced hunting queries.

melatonein5/3CXBeacoingKQLQuery: KQL to detect beaconing to IOCs from the 3CX compromise (github.com...

I thought I would make some of your lives easier. Happy Thursday!
