Skip to content

Commit

Permalink
Update README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@jkerai1
jkerai1 authored Aug 13, 2024
1 parent 2c4d401 commit 270fc7c
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,12 @@ Can block typosquatters, phishing attacks, fraud, and brand impersonation!
![image](https://github.com/jkerai1/DNSTwistToMDEIOC/assets/55988027/f3df970e-cda3-4fa4-b921-bb44127ecd7b)

# KQL

```
DeviceEvents
| where (ActionType == "SmartScreenUrlWarning" and AdditionalFields.Experience == "CustomBlockList") or (AdditionalFields.ResponseCategory == "CustomBlockList" and ActionType == "ExploitGuardNetworkProtectionBlocked")
| extend URL = replace_string(RemoteUrl,'.','[.]')
| summarize by URL, DeviceName,AccountName,InitiatingProcessAccountName

```
![image](https://github.com/jkerai1/DNSTwistToMDEIOC/assets/55988027/dedfe6b0-8841-4460-a7b3-4efbfaece62f)


Expand Down

0 comments on commit 270fc7c

Please sign in to comment.