jennafrank/threat-hunting-tor-imperial

GitHub: jennafrank/threat-hunting-tor-imperial

基于 MDE 平台的 TOR 未经授权访问威胁狩猎报告，提供 KQL 查询和端点遥测分析的全流程参考。

Stars: 0 | Forks: 0

![Imperial Security Division](https://img.shields.io/badge/⚫%20IMPERIAL%20SECURITY%20DIVISION-CLASSIFIED-red?style=for-the-badge&labelColor=000000) ![MDE](https://img.shields.io/badge/Platform-Microsoft%20Defender%20for%20Endpoint-blue?style=for-the-badge&logo=microsoft&logoColor=white) ![KQL](https://img.shields.io/badge/Language-KQL-red?style=for-the-badge&logo=azuredevops&logoColor=white) ![Status](https://img.shields.io/badge/Status-THREAT%20CONFIRMED-darkred?style=for-the-badge)

# ⚫ 帝国威胁调查：未经授权的 TOR 网络访问 - [帝国场景设置 — 事件创建日志](threat-hunting-tor-event-creation.md) ## 使用的平台和语言 - Windows 10 虚拟机 (Microsoft Azure) - EDR 平台：Microsoft Defender for Endpoint - Kusto Query Language (KQL) - TOR 浏览器 ##

标签：IP 地址批量处理, KQL, Microsoft Defender, Tor流量分析, 搜索语句（dork）, 端点安全, 补丁管理