Hunting-Queries-Detection-Rules
Hunting-Queries-Detection-Rules copied to clipboard
Published
20 hours ago •
alexverboon
alexverboon
Exposure management - EEG-criticalassets
trafficstars
This query only returns the default criticalassets defined by MS, not the custom classifications or the default ones which are manually changed to a higer classication. At the moment, only domaincontrollers and entraID connect servers are returned as level 0. In the GUI, also ADCS servers are promoted to level 0 and SCCM also. This is not returned by the query
