Query Details

Midnight Blizzard

Query

//Checking for Midnight Blizzard impact in environment

union
(
    BehaviorEntities
    | where ThreatFamily contains "Midnight Blizzard"
    | project Timestamp, BehaviorId, ActionType, Categories, ServiceSource, DetectionSource, DataSources, EntityType, EntityRole, DetailedEntityRole
),
(
    AlertEvidence
    | where ThreatFamily contains "Midnight Blizzard"
    | project Timestamp, AlertId, Title, Categories, AttackTechniques, ServiceSource, DetectionSource, EntityType, EvidenceRole, EvidenceDirection, Severity
)

Explanation

This query looks for any impact from the "Midnight Blizzard" threat in the environment by unioning rows from BehaviorEntities and AlertEvidence whose ThreatFamily column contains that name (the KQL `contains` operator is a case-insensitive substring match). For each match it returns the timestamp, the behavior or alert ID, the action type or alert title, categories, attack techniques, the service and detection sources, entity and evidence roles, and the alert severity.
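The following is an added example, not part of the original page or Rod Trent's query. It keeps the same ThreatFamily filter but scopes it to a lookback window, tags each row with the table it came from, and summarizes first seen, last seen, record count and distinct devices and accounts so an analyst can judge breadth of impact rather than read raw rows. It assumes both tables expose `DeviceId` and `AccountUpn` columns (these are not listed on this page and are an assumption here).

```kql
// Added example: scope the Midnight Blizzard check to a lookback window and
// summarize per source table. Not part of the original query.
let lookback = 30d;
let family = "Midnight Blizzard";
union kind=outer
(
    BehaviorEntities
    | where Timestamp > ago(lookback)
    | where ThreatFamily contains family          // case-insensitive substring match
    | extend SourceTable = "BehaviorEntities", RecordId = tostring(BehaviorId)
    // DeviceId and AccountUpn are assumed to exist on this table
    | project Timestamp, SourceTable, RecordId, ThreatFamily, ActionType, Categories,
              ServiceSource, DetectionSource, DeviceId, AccountUpn
),
(
    AlertEvidence
    | where Timestamp > ago(lookback)
    | where ThreatFamily contains family
    | extend SourceTable = "AlertEvidence", RecordId = tostring(AlertId)
    // DeviceId and AccountUpn are assumed to exist on this table
    | project Timestamp, SourceTable, RecordId, ThreatFamily, Title, AttackTechniques,
              Severity, ServiceSource, DetectionSource, DeviceId, AccountUpn
)
| summarize FirstSeen = min(Timestamp),
            LastSeen  = max(Timestamp),
            Records   = count(),
            Devices   = dcount(DeviceId),
            Accounts  = dcount(AccountUpn)
            by ThreatFamily, SourceTable
| order by LastSeen desc
```

Because the two branches project different column sets, `union kind=outer` keeps every column and fills the missing ones with empty values; the shared `SourceTable` and `RecordId` columns let the summarized rows be traced back to the originating behavior or alert. Drop the `summarize` line to get the per-record view the original query returns.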

Details


Rod Trent

Released: March 8, 2024

Tables

BehaviorEntities, AlertEvidence

Keywords

ThreatFamily, Timestamp, BehaviorId, ActionType, Categories, ServiceSource, DetectionSource, DataSources, EntityType, EntityRole, DetailedEntityRole, AlertEvidence, AlertId, Title, AttackTechniques, EvidenceRole, EvidenceDirection, Severity

Operators

union, where, contains, project
