Skip to content

Commit

Permalink
Git Critical Vulnerability CVE-2024-32002.kql
Browse files Browse the repository at this point in the history
  • Loading branch information
@SlimKQL
SlimKQL authored Aug 25, 2024
1 parent 29b50d0 commit a929ea1
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions DefenderXDR/Git Critical Vulnerability CVE-2024-32002.kql
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,3 +22,13 @@ ExposureGraphEdges
DeviceTvmSoftwareVulnerabilities
| where CveId == "CVE-2024-32002"
| where DeviceName has_any (CriticalDevices)

// MITRE ATT&CK Mapping

// The KQL query is designed to identify critical identities and devices, and then find devices with a specific vulnerability. The associated MITRE ATT&CK techniques include:

// T1078: Valid Accounts
// T1078.001: Valid Accounts: Local Accounts
// T1078.003: Valid Accounts: Local Administrator Account
// T1190: Exploit Public-Facing Application
// T1210: Exploitation of Remote Services

0 comments on commit a929ea1

Please sign in to comment.