MOHAMMED VASEEM SHAIK’s Post

Senior Cybersecurity Expert, CEH V12, Seceon Ai-SIEM, Ai-XDR, Ai -MSSP, CTI, Cyber Kill Chain CrowdStrike EDR, Darktrace login Threat Visualizer 6.1, Counter Exposure Operations, Next-Gen SIEM, Identity Protection

Which queries should be checked in EDR, AI/ML, threat-intelligence detection, endpoint detection and response, SIEM, or SOC tooling? Below are the main suggested queries:

1. Network Scanning
2. Reverse DNS
3. Large SMB Reads and Writes
4. SMB File Reads
5. SMB File Writes
6. SMB Enumeration / Write to Hidden Share
7. SMB Scripts
8. Large Data Transfers (over 100 MB) in either direction
9. Large External Data Transfers (over 1 GB) over outgoing connections
10. Active Directory Activity
11. Internal Destinations
12. SMB Version 1
13. Unencrypted LDAP
14. Passwords in URI (Internal or External)
15. Password Files
16. CryptoMining
17. BitTorrent
18. Possible Outbound Spam
19. Domain Fluxing (Numbers and/or Letters)
20. TeamViewer Usage
21. Tor2Web
22. Password Files in SaaS
23. Anonymous Access
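As an added example (not part of the post), four of the listed queries, numbers 8, 9, 12 and 13, written as detection rules and run over constructed flow records; the record field names, the RFC 1918 definition of "internal", and the byte thresholds are assumptions, not any vendor's schema.

```python
# Added example (not from the post): four of the listed queries as rules over
# constructed flow records. Field names are assumptions, not a vendor schema.
import ipaddress

MB = 1024 * 1024
GB = 1024 * MB
# RFC 1918 ranges count as internal; anything else is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# If the server selects one of these dialects, the session is running SMB1.
SMB1_DIALECTS = {"PC NETWORK PROGRAM 1.0", "LANMAN1.0", "LM1.2X002", "LANMAN2.1", "NT LM 0.12"}

# Constructed sample records (not real traffic); bytes_out is client -> server.
FLOWS = [
    {"src": "10.0.1.5", "dst": "10.0.2.7", "dport": 445, "proto": "smb",
     "smb_dialect": "NT LM 0.12", "bytes_out": 150 * MB, "bytes_in": 2 * MB},
    {"src": "10.0.1.8", "dst": "203.0.113.9", "dport": 443, "proto": "tls",
     "bytes_out": 1200 * MB, "bytes_in": 5 * MB},
    {"src": "10.0.1.9", "dst": "10.0.0.2", "dport": 389, "proto": "ldap",
     "starttls": False, "bytes_out": 4096, "bytes_in": 8192},
    {"src": "10.0.1.9", "dst": "10.0.0.2", "dport": 636, "proto": "ldaps",
     "bytes_out": 4096, "bytes_in": 8192},
    {"src": "10.0.1.5", "dst": "10.0.2.7", "dport": 445, "proto": "smb",
     "smb_dialect": "SMB 3.1.1", "bytes_out": MB, "bytes_in": MB},
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def large_transfer(f):  # query 8: over 100 MB in either direction
    return f["bytes_out"] > 100 * MB or f["bytes_in"] > 100 * MB

def large_external_outbound(f):  # query 9: over 1 GB sent to a non-internal host
    return not is_internal(f["dst"]) and f["bytes_out"] > GB

def smb_v1(f):  # query 12: session negotiated with an SMB1-only dialect
    return f["proto"] == "smb" and f.get("smb_dialect") in SMB1_DIALECTS

def unencrypted_ldap(f):  # query 13: plain LDAP on 389 without StartTLS; LDAPS is not flagged
    return f["proto"] == "ldap" and f["dport"] == 389 and not f.get("starttls", False)

RULES = {"large_transfer": large_transfer, "large_external_outbound": large_external_outbound,
         "smb_v1": smb_v1, "unencrypted_ldap": unencrypted_ldap}

def run_rules(flows):
    """Return (rule, src, dst) for every record that matches a rule."""
    return [(name, f["src"], f["dst"]) for f in flows
            for name, rule in RULES.items() if rule(f)]
```

Calling `run_rules(FLOWS)` yields five hits: two for the SMB1 flow, two for the 1200 MB outbound flow, and one for the plaintext LDAP bind; the LDAPS and SMB 3.1.1 records match nothing.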
