pe3zx/crowdstrike-falcon-queries (181 stars): A collection of Splunk's Search Processing Language (SPL) for Threat Hunting with CrowdStrike Falcon. Topics: splunk, threat-hunting, crowdstrike. Updated May 23, 2020. A really good DFIR automation for collecting and analyzing evidence designed for cyb...
then used the PowerShell command -ep bypass to circumvent the execution policy. Using the Windows Azure Active Directory PowerShell Module, the threat actor connected to the victim's O365 tenant and began performing enumeration queries. These queries were recorded...