Applications with plaintext passwords

Table of applications identified as potentially handling plaintext passwords.

EDR, hunting, T1552
FDR, intermediate, by ByteRay GmbH (cql-hub.com)

Query

"#event_simpleName" = ProcessRollup2 event_platform="Win" CommandLine=/REDACTED/
| wildcard(field=ComputerName, pattern=?ComputerName, ignoreCase=true)
| groupBy([FileName], function=[count(aid, distinct=true, as="Hosts")])
| sort(Hosts)

Explanation

Imported from cql-hub.com. Add explanation of pipes here.

Variables to adjust

Review and adjust the values for your environment.