Mar 30 2023 09:23 AM
Afternoon, fellow blue teamers. I have some queries to detect IOCs from the recent 3CX compromise. I have a JSON file with an analytics rule you could import, as well as Defender advanced hunting queries.
I thought I would make some of your lives easier. Happy Thursday!